From 1cf01e76d743f132eea9cb8802800c42f78ce23a Mon Sep 17 00:00:00 2001
From: Dan Hatton <daniel.hatton@diamond.ac.uk>
Date: Thu, 8 May 2025 14:20:24 +0100
Subject: [PATCH 1/2] Move auth_url to security configuration from machine
 configuration as it should work on a centeralised server as well

---
 src/murfey/util/config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/murfey/util/config.py b/src/murfey/util/config.py
index 22b993ca1..95f3544be 100644
--- a/src/murfey/util/config.py
+++ b/src/murfey/util/config.py
@@ -68,7 +68,6 @@ class MachineConfig(BaseModel, extra=Extra.allow):  # type: ignore
     rsync_url: str = ""
 
     security_configuration_path: Optional[Path] = None
-    auth_url: str = ""
 
     notifications_queue: str = "pato_notification"
 
@@ -88,6 +87,7 @@ class Security(BaseModel):
     crypto_key: str
     auth_key: str = ""
     auth_algorithm: str = ""
+    auth_url: str = ""
     sqlalchemy_pooling: bool = True
     allow_origins: List[str] = ["*"]
     session_validation: str = ""

From 7e1c586499587b200f0568f61957fa28390d4113 Mon Sep 17 00:00:00 2001
From: Dan Hatton <daniel.hatton@diamond.ac.uk>
Date: Thu, 8 May 2025 14:22:30 +0100
Subject: [PATCH 2/2] Auth url has moved to security configuration

---
 src/murfey/server/api/auth.py | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/murfey/server/api/auth.py b/src/murfey/server/api/auth.py
index c962fa65f..1fb30b003 100644
--- a/src/murfey/server/api/auth.py
+++ b/src/murfey/server/api/auth.py
@@ -1,6 +1,5 @@
 from __future__ import annotations
 
-import os
 import secrets
 import time
 from logging import getLogger
@@ -19,7 +18,7 @@
 
 from murfey.server import sanitise
 from murfey.server.murfey_db import murfey_db, url
-from murfey.util.config import get_machine_config, get_security_config
+from murfey.util.config import get_security_config
 from murfey.util.db import MurfeyUser as User
 from murfey.util.db import Session as MurfeySession
 
@@ -64,12 +63,7 @@ async def __call__(self, request: Request):
 
 # Set up variables used for authentication
 security_config = get_security_config()
-machine_config = get_machine_config()
-auth_url = (
-    machine_config[os.getenv("BEAMLINE", "")].auth_url
-    if machine_config.get(os.getenv("BEAMLINE", ""))
-    else ""
-)
+auth_url = security_config.auth_url
 ALGORITHM = security_config.auth_algorithm or "HS256"
 SECRET_KEY = security_config.auth_key or secrets.token_hex(32)
 if security_config.auth_type == "password":