This commit is contained in:
Grae Jones
@@ -1,71 +1,20 @@
|
|||||||
/**
|
|
||||||
* authConfig.js - Tech Client (Staff Plane)
|
|
||||||
*
|
|
||||||
* APP REGISTRATION MAP (positivespend tenant: f56a3c51-9b5c-4356-920f-b4dcf932a96b)
|
|
||||||
* -------------------------------------------------------------------------
|
|
||||||
* Tech SPA (this app) 217928a9-4591-4dff-9f09-5b233824cf4f
|
|
||||||
* - Platform: SPA
|
|
||||||
* - Redirect URI: <Tech deployment origin> - must be registered in portal,
|
|
||||||
* matches window.location.origin at runtime.
|
|
||||||
* - API permissions: api://af95fa13-.../access_as_user (delegated)
|
|
||||||
*
|
|
||||||
* Management Staff API af95fa13-2ef4-4911-b137-7acc6a784cfa
|
|
||||||
* - Exposes scope: access_as_user
|
|
||||||
* - App roles: Staff.Admin, Staff.Tech
|
|
||||||
* - Management validates JWTs issued for this audience
|
|
||||||
*
|
|
||||||
* FLOW: MSAL authenticates as 217928a9, acquires a token scoped to
|
|
||||||
* api://af95fa13-.../access_as_user, sends as Bearer to Management API.
|
|
||||||
* Management validates: issuer = login.microsoftonline.com/f56a3c51/v2.0,
|
|
||||||
* audience = af95fa13 or api://af95fa13, roles = Staff.Admin | Staff.Tech.
|
|
||||||
*/
|
|
||||||
|
|
||||||
// ── Staff Identity Config ─────────────────────────────────────────────────────
|
|
||||||
|
|
||||||
const STAFF_TENANT_ID = 'f56a3c51-9b5c-4356-920f-b4dcf932a96b';
|
|
||||||
const STAFF_CLIENT_ID = '217928a9-4591-4dff-9f09-5b233824cf4f';
|
|
||||||
|
|
||||||
// PROD: swap to → 'https://login.microsoftonline.com/' + STAFF_TENANT_ID
|
|
||||||
const STAFF_AUTHORITY = 'https://login.microsoftonline.com/' + STAFF_TENANT_ID;
|
|
||||||
|
|
||||||
// ── MSAL Config ───────────────────────────────────────────────────────────────
|
|
||||||
|
|
||||||
export const msalConfig = {
|
export const msalConfig = {
|
||||||
auth: {
|
auth: {
|
||||||
clientId: STAFF_CLIENT_ID,
|
clientId: '43c493e4-e1ed-4cd7-ab0a-e507e20af724',
|
||||||
authority: STAFF_AUTHORITY,
|
authority: 'https://positiveclients.ciamlogin.com/',
|
||||||
redirectUri: window.location.origin,
|
redirectUri: 'https://register.positivespend.com',
|
||||||
postLogoutRedirectUri: window.location.origin,
|
postLogoutRedirectUri: 'https://register.positivespend.com',
|
||||||
navigateToLoginRequestUrl: true,
|
knownAuthorities: ['positiveclients.ciamlogin.com'],
|
||||||
},
|
},
|
||||||
cache: {
|
cache: {
|
||||||
cacheLocation: 'sessionStorage',
|
cacheLocation: 'sessionStorage',
|
||||||
storeAuthStateInCookie: false,
|
storeAuthStateInCookie: false,
|
||||||
},
|
},
|
||||||
system: {
|
|
||||||
loggerOptions: {
|
|
||||||
loggerCallback: (level, message, containsPii) => {
|
|
||||||
if (containsPii) return;
|
|
||||||
switch (level) {
|
|
||||||
case 0: console.error(message); break;
|
|
||||||
case 1: console.warn(message); break;
|
|
||||||
case 2: console.info(message); break;
|
|
||||||
case 3: console.debug(message); break;
|
|
||||||
}
|
|
||||||
},
|
|
||||||
logLevel: 3,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
export const loginRequest = {
|
export const loginRequest = {
|
||||||
scopes: ["api://af95fa13-2ef4-4911-b137-7acc6a784cfa/access_as_user"]
|
scopes: ['openid', 'profile', 'email'],
|
||||||
};
|
};
|
||||||
|
|
||||||
// ── API Endpoints ─────────────────────────────────────────────────────────────
|
export const API_BASE_URL = 'https://portal.positivespend.com';
|
||||||
|
export const API_FUNCTION_KEY = '';
|
||||||
export const API_BASE = 'https://portal.positivespend.com'; // Gateway API
|
|
||||||
export const MGMT_BASE = 'https://mgmt.positivespend.com'; // Management API
|
|
||||||
|
|
||||||
// Legacy — kept for backward compatibility with apiClient.js
|
|
||||||
export const SESSION_ENDPOINT = `${API_BASE}/api/auth/session`;
|
|
||||||
Reference in New Issue
Block a user