Azure Settings

Client-Registration/src/auth/authConfig.js

@@ -1,35 +1,19 @@
 /**
  * MSAL Configuration for Entra External ID (Customer Identity / CIAM)
  *
- * ─── CIAM Tenant ───────────────────────────────────────────────────────────
+ * Tenant:    Positive Spend Clients
- * Tenant:    Positive Spend Clients (to be created under Grae@PositiveSpend.com)
+ * Domain:    positiveclients.onmicrosoft.com
- *
+ * Tenant ID: cbf8b7d7-1e13-486d-b5b0-287ba79fdf0b
- * After creating the CIAM tenant in Entra External ID, replace these values:
+ * SPA App:   AdPlatform Client SPA (43c493e4-e1ed-4cd7-ab0a-e507e20af724)
- *   REPLACE_WITH_CIAM_CLIENT_ID  → App registration client ID (AdPlatform Client SPA)
+ * Authority: https://positiveclients.ciamlogin.com/
- *   REPLACE_WITH_CIAM_SUBDOMAIN  → The subdomain chosen when creating the tenant
- *                                   e.g. if domain is "psclients.onmicrosoft.com"
- *                                        then subdomain is "psclients"
- *
- * Portal steps to get these values:
- *   1. entra.microsoft.com → switch to CIAM tenant
- *   2. App registrations → AdPlatform Client SPA → Overview → Application (client) ID
- *   3. Overview → Primary domain  (gives you the subdomain)
- *
- * Token flow:
- *   1. MSAL acquires ID token from CIAM tenant
- *   2. Client POSTs to Gateway with Authorization: Bearer <id_token>
- *   3. Gateway forwards to registration:8080
- *   4. Microsoft.Identity.Web validates issuer + audience
- *   5. Server extracts OID claim as entraSubjectId — client never supplies it
- * ──────────────────────────────────────────────────────────────────────────
  */
 export const msalConfig = {
     auth: {
-        clientId:              'REPLACE_WITH_CIAM_CLIENT_ID',
+        clientId:              '43c493e4-e1ed-4cd7-ab0a-e507e20af724',
-        authority:             'https://REPLACE_WITH_CIAM_SUBDOMAIN.ciamlogin.com/',
+        authority:             'https://positiveclients.ciamlogin.com/',
         redirectUri:           'https://register.positivespend.com',
         postLogoutRedirectUri: 'https://register.positivespend.com',
-        knownAuthorities:      ['REPLACE_WITH_CIAM_SUBDOMAIN.ciamlogin.com'],
+        knownAuthorities:      ['positiveclients.ciamlogin.com'],
     },
     cache: {
         cacheLocation:          'sessionStorage',
@@ -41,23 +25,6 @@ export const loginRequest = {
     scopes: ['openid', 'profile', 'email'],
 };
 
-// ═════════════════════════════════════════════════════════════════════════════
+// Gateway forwards to registration:8080 internally
-// SWAP: ASP.NET Core / self-hosted  ◄ ACTIVE
-//
-// The client posts to the Gateway (portal.positivespend.com), which internally
-// forwards to registration:8080 in docker-compose.
-// No function key needed — Bearer token is the only auth on /register.
-// Admin endpoints are called server-to-server (Management → registration:8080).
-// ═════════════════════════════════════════════════════════════════════════════
 export const API_BASE_URL     = 'https://portal.positivespend.com';
 export const API_FUNCTION_KEY = '';
-
-// ═════════════════════════════════════════════════════════════════════════════
-// SWAP: Azure Functions  ◄ INACTIVE — uncomment to restore
-//
-// Set API_BASE_URL to the Azure Function App public URL.
-// Set API_FUNCTION_KEY from Azure Portal → Function App → App Keys → default.
-//
-// export const API_BASE_URL     = 'https://REPLACE_WITH_AZURE_FUNCTION_APP_URL';
-// export const API_FUNCTION_KEY = '';
-// ═════════════════════════════════════════════════════════════════════════════