@@ -1,71 +1,20 @@
|
||||
/**
|
||||
* authConfig.js - Tech Client (Staff Plane)
|
||||
*
|
||||
* APP REGISTRATION MAP (positivespend tenant: f56a3c51-9b5c-4356-920f-b4dcf932a96b)
|
||||
* -------------------------------------------------------------------------
|
||||
* Tech SPA (this app) 217928a9-4591-4dff-9f09-5b233824cf4f
|
||||
* - Platform: SPA
|
||||
* - Redirect URI: <Tech deployment origin> - must be registered in portal,
|
||||
* matches window.location.origin at runtime.
|
||||
* - API permissions: api://af95fa13-.../access_as_user (delegated)
|
||||
*
|
||||
* Management Staff API af95fa13-2ef4-4911-b137-7acc6a784cfa
|
||||
* - Exposes scope: access_as_user
|
||||
* - App roles: Staff.Admin, Staff.Tech
|
||||
* - Management validates JWTs issued for this audience
|
||||
*
|
||||
* FLOW: MSAL authenticates as 217928a9, acquires a token scoped to
|
||||
* api://af95fa13-.../access_as_user, sends as Bearer to Management API.
|
||||
* Management validates: issuer = login.microsoftonline.com/f56a3c51/v2.0,
|
||||
* audience = af95fa13 or api://af95fa13, roles = Staff.Admin | Staff.Tech.
|
||||
*/
|
||||
|
||||
// ── Staff Identity Config ─────────────────────────────────────────────────────
|
||||
|
||||
const STAFF_TENANT_ID = 'f56a3c51-9b5c-4356-920f-b4dcf932a96b';
|
||||
const STAFF_CLIENT_ID = '217928a9-4591-4dff-9f09-5b233824cf4f';
|
||||
|
||||
// PROD: swap to → 'https://login.microsoftonline.com/' + STAFF_TENANT_ID
|
||||
const STAFF_AUTHORITY = 'https://login.microsoftonline.com/' + STAFF_TENANT_ID;
|
||||
|
||||
// ── MSAL Config ───────────────────────────────────────────────────────────────
|
||||
|
||||
export const msalConfig = {
|
||||
auth: {
|
||||
clientId: STAFF_CLIENT_ID,
|
||||
authority: STAFF_AUTHORITY,
|
||||
redirectUri: window.location.origin,
|
||||
postLogoutRedirectUri: window.location.origin,
|
||||
navigateToLoginRequestUrl: true,
|
||||
clientId: '43c493e4-e1ed-4cd7-ab0a-e507e20af724',
|
||||
authority: 'https://positiveclients.ciamlogin.com/',
|
||||
redirectUri: 'https://register.positivespend.com',
|
||||
postLogoutRedirectUri: 'https://register.positivespend.com',
|
||||
knownAuthorities: ['positiveclients.ciamlogin.com'],
|
||||
},
|
||||
cache: {
|
||||
cacheLocation: 'sessionStorage',
|
||||
storeAuthStateInCookie: false,
|
||||
},
|
||||
system: {
|
||||
loggerOptions: {
|
||||
loggerCallback: (level, message, containsPii) => {
|
||||
if (containsPii) return;
|
||||
switch (level) {
|
||||
case 0: console.error(message); break;
|
||||
case 1: console.warn(message); break;
|
||||
case 2: console.info(message); break;
|
||||
case 3: console.debug(message); break;
|
||||
}
|
||||
},
|
||||
logLevel: 3,
|
||||
},
|
||||
},
|
||||
};
|
||||
|
||||
export const loginRequest = {
|
||||
scopes: ["api://af95fa13-2ef4-4911-b137-7acc6a784cfa/access_as_user"]
|
||||
scopes: ['openid', 'profile', 'email'],
|
||||
};
|
||||
|
||||
// ── API Endpoints ─────────────────────────────────────────────────────────────
|
||||
|
||||
export const API_BASE = 'https://portal.positivespend.com'; // Gateway API
|
||||
export const MGMT_BASE = 'https://mgmt.positivespend.com'; // Management API
|
||||
|
||||
// Legacy — kept for backward compatibility with apiClient.js
|
||||
export const SESSION_ENDPOINT = `${API_BASE}/api/auth/session`;
|
||||
export const API_BASE_URL = 'https://portal.positivespend.com';
|
||||
export const API_FUNCTION_KEY = '';
|
||||
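Review bot: `API_FUNCTION_KEY` is exported from a module that is bundled into the browser, so any value later assigned to it is readable by every visitor and cannot act as a secret. The rendering has lost its +/- markers, but the hunk's line counts suggest this line and `API_BASE_URL` are on the new side. `loginRequest` now asks only for `openid`, `profile` and `email`, so no access token for an API audience is requested in this file. If calls to `API_BASE_URL` are meant to be authorised by the key, that check has to move to a user token validated on the server. I would drop the export, or at least add a comment above it such as `// Shipped to the browser: never put a real function key here; the API must authorise callers from a validated user token.` Separately, the old file's comment says `SESSION_ENDPOINT` was kept for `apiClient.js`; that export appears to be removed here, so the importer should be checked.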