diff --git a/Client-Tech/src/auth/authConfig.js b/Client-Tech/src/auth/authConfig.js
index 67beadc..1c2ea27 100644
--- a/Client-Tech/src/auth/authConfig.js
+++ b/Client-Tech/src/auth/authConfig.js
@@ -1,71 +1,20 @@ -/** - * authConfig.js - Tech Client (Staff Plane) - * - * APP REGISTRATION MAP (positivespend tenant: f56a3c51-9b5c-4356-920f-b4dcf932a96b) - * ------------------------------------------------------------------------- - * Tech SPA (this app) 217928a9-4591-4dff-9f09-5b233824cf4f - * - Platform: SPA - * - Redirect URI: - must be registered in portal, - * matches window.location.origin at runtime. - * - API permissions: api://af95fa13-.../access_as_user (delegated) - * - * Management Staff API af95fa13-2ef4-4911-b137-7acc6a784cfa - * - Exposes scope: access_as_user - * - App roles: Staff.Admin, Staff.Tech - * - Management validates JWTs issued for this audience - * - * FLOW: MSAL authenticates as 217928a9, acquires a token scoped to - * api://af95fa13-.../access_as_user, sends as Bearer to Management API. - * Management validates: issuer = login.microsoftonline.com/f56a3c51/v2.0, - * audience = af95fa13 or api://af95fa13, roles = Staff.Admin | Staff.Tech. - */ - -// ── Staff Identity Config ───────────────────────────────────────────────────── - -const STAFF_TENANT_ID = 'f56a3c51-9b5c-4356-920f-b4dcf932a96b'; -const STAFF_CLIENT_ID = '217928a9-4591-4dff-9f09-5b233824cf4f'; - -// PROD: swap to → 'https://login.microsoftonline.com/' + STAFF_TENANT_ID -const STAFF_AUTHORITY = 'https://login.microsoftonline.com/' + STAFF_TENANT_ID; - -// ── MSAL Config ─────────────────────────────────────────────────────────────── - export const msalConfig = { auth: { - clientId: STAFF_CLIENT_ID, - authority: STAFF_AUTHORITY, - redirectUri: window.location.origin, - postLogoutRedirectUri: window.location.origin, - navigateToLoginRequestUrl: true, + clientId: '43c493e4-e1ed-4cd7-ab0a-e507e20af724', + authority: 'https://positiveclients.ciamlogin.com/', + redirectUri: 'https://register.positivespend.com', + postLogoutRedirectUri: 'https://register.positivespend.com', + knownAuthorities: ['positiveclients.ciamlogin.com'], }, cache: { - cacheLocation: 'sessionStorage', + 
cacheLocation: 'sessionStorage', storeAuthStateInCookie: false, }, - system: { - loggerOptions: { - loggerCallback: (level, message, containsPii) => { - if (containsPii) return; - switch (level) { - case 0: console.error(message); break; - case 1: console.warn(message); break; - case 2: console.info(message); break; - case 3: console.debug(message); break; - } - }, - logLevel: 3, - }, - }, }; export const loginRequest = { - scopes: ["api://af95fa13-2ef4-4911-b137-7acc6a784cfa/access_as_user"] + scopes: ['openid', 'profile', 'email'], }; -// ── API Endpoints ───────────────────────────────────────────────────────────── - -export const API_BASE = 'https://portal.positivespend.com'; // Gateway API -export const MGMT_BASE = 'https://mgmt.positivespend.com'; // Management API - -// Legacy — kept for backward compatibility with apiClient.js -export const SESSION_ENDPOINT = `${API_BASE}/api/auth/session`; +export const API_BASE_URL = 'https://portal.positivespend.com'; +export const API_FUNCTION_KEY = ''; \ No newline at end of file
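Review bot: `loginRequest` at the end of the hunk now asks only for `openid`, `profile` and `email`, so no token issued for the backend behind `API_BASE_URL` is requested; if the callers (not visible here) send the ID token as a bearer, the API has no audience of its own to validate, whereas the removed header comment shows the earlier design relied on an `api://…/access_as_user` audience plus the `Staff.Admin`/`Staff.Tech` roles. Keep an API scope from the new app registration in the request, e.g. `scopes: ['openid', 'profile', 'email', 'api://<API_APP_ID>/<SCOPE_NAME>']` (placeholder values), and confirm the server still enforces a staff-only check, since this file sits under `Client-Tech` yet now signs in against what appears to be the customer-facing `positiveclients.ciamlogin.com` tenant. The new `API_FUNCTION_KEY` export should be dropped rather than filled in later: any value placed in this file ships in the browser bundle and is readable by every visitor, so it cannot act as a secret. The hunk also removes `API_BASE`, `MGMT_BASE` and `SESSION_ENDPOINT`, which the deleted comment says `apiClient.js` depends on, so that file needs updating in the same commit.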