This commit is contained in:
Grae Jones
2
Client-Tech/dist/bundle.js
vendored
2
Client-Tech/dist/bundle.js
vendored
File diff suppressed because one or more lines are too long
@@ -1,20 +1,5 @@
|
||||
/**
|
||||
* authConfig.js — Tech Client (Staff Plane)
|
||||
*
|
||||
* ┌─────────────────────────────────────────────────────────────────────────┐
|
||||
* │ PRODUCTION MIGRATION — only these values change at handoff: │
|
||||
* │ │
|
||||
* │ STAFF_AUTHORITY → 'https://login.microsoftonline.com/{ORG_TENANT}' │
|
||||
* │ STAFF_TENANT_ID → new company org tenant ID │
|
||||
* │ STAFF_CLIENT_ID → staff app registration in org tenant │
|
||||
* │ │
|
||||
* │ No other code changes required anywhere. │
|
||||
* └─────────────────────────────────────────────────────────────────────────┘
|
||||
*
|
||||
* DEV NOTE: Staff currently authenticate against the CIAM tenant (same as
|
||||
* clients) because no org tenant exists yet. The login screen looks identical
|
||||
* to the client login — this is cosmetic only. API isolation is enforced by
|
||||
* audience: staff tokens are rejected by Gateway, client tokens by Management.
|
||||
*/
|
||||
|
||||
// ── Staff Identity Config ─────────────────────────────────────────────────────
|
||||
@@ -22,9 +7,11 @@
|
||||
const STAFF_TENANT_ID = 'f56a3c51-9b5c-4356-920f-b4dcf932a96b';
|
||||
const STAFF_CLIENT_ID = '217928a9-4591-4dff-9f09-5b233824cf4f';
|
||||
|
||||
// PROD: swap to → 'https://login.microsoftonline.com/' + STAFF_TENANT_ID
|
||||
const STAFF_AUTHORITY = 'https://login.microsoftonline.com/' + STAFF_TENANT_ID;
|
||||
|
||||
// Management Staff API — resource the Tech SPA requests a token for
|
||||
const MGMT_APP_ID = 'af95fa13-2ef4-4911-b137-7acc6a784cfa';
|
||||
|
||||
// ── MSAL Config ───────────────────────────────────────────────────────────────
|
||||
|
||||
export const msalConfig = {
|
||||
@@ -33,7 +20,7 @@ export const msalConfig = {
|
||||
authority: STAFF_AUTHORITY,
|
||||
redirectUri: window.location.origin,
|
||||
postLogoutRedirectUri: window.location.origin,
|
||||
navigateToLoginRequestUrl: true,
|
||||
navigateToLoginRequestUrl: false, // ← was true, caused the loop
|
||||
},
|
||||
cache: {
|
||||
cacheLocation: 'sessionStorage',
|
||||
@@ -50,19 +37,18 @@ export const msalConfig = {
|
||||
case 3: console.debug(message); break;
|
||||
}
|
||||
},
|
||||
logLevel: 3,
|
||||
logLevel: 1, // warn + error only in prod
|
||||
},
|
||||
},
|
||||
};
|
||||
|
||||
export const loginRequest = {
|
||||
scopes: ["api://4e4d69c3-558a-4a27-a689-17bd397175e5/access_as_user"]
|
||||
scopes: [`api://${MGMT_APP_ID}/access_as_user`] // ← fixed
|
||||
};
|
||||
|
||||
// ── API Endpoints ─────────────────────────────────────────────────────────────
|
||||
|
||||
export const API_BASE = 'https://adpapi.usimdev.com'; // Gateway API
|
||||
export const MGMT_BASE = 'https://adpmgmt.usimdev.com'; // Management API
|
||||
export const API_BASE = 'https://portal.positivespend.com'; // ← fixed
|
||||
export const MGMT_BASE = 'https://mgmt.positivespend.com'; // ← fixed
|
||||
|
||||
// Legacy — kept for backward compatibility with apiClient.js
|
||||
export const SESSION_ENDPOINT = `${API_BASE}/api/auth/session`;
|
||||
Reference in New Issue
Block a user