GraeJones01/AdPlatform-Server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

changing URL to positivespend
All checks were successful
Management / build-deploy (push) Successful in 8m9s
Details

Browse Source
This commit is contained in:
Grae Jones
2026-03-21 21:00:09 -07:00
parent 1ea8716ac6
commit 86852658b8
4 changed files with 16 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
Management/Management.zip Normal file
View File

Binary file not shown.

2
Management/Security/ClientAuthMiddleware.cs
View File

@@ -255,7 +255,7 @@ public sealed class ClientAuthMiddleware
var tenantId = _config["Auth:Staff:TenantId"];
var clientId = _config["Auth:Staff:ClientId"];
var instance = _config["Auth:Staff:Instance"] ?? "https://usimclients.ciamlogin.com/";
var instance = _config["Auth:Staff:Instance"] ?? "https://login.microsoftonline.com/";
if (string.IsNullOrWhiteSpace(tenantId) || string.IsNullOrWhiteSpace(clientId))
return false;

26
Management/appsettings.json
View File

@@ -10,22 +10,26 @@
"AllowDevBypass": false,
/*
* STAFF IDENTITY Entra External ID (dev) / Entra org tenant (prod)
* STAFF IDENTITY - Microsoft Entra ID (positivespend tenant)
*
* PRODUCTION MIGRATION: update these three environment variables only.
* No code changes required.
* App registration: AdPlatform Management Staff API (af95fa13) in positivespend tenant f56a3c51.
* The Tech SPA (846a3677) authenticates against this same tenant and
* requests scope api://af95fa13-.../access_as_user.
*
* Auth__Staff__Instance https://login.microsoftonline.com/
* Auth__Staff__TenantId new company org tenant ID
* Auth__Staff__ClientId staff app registration in org tenant
* Management validates JWTs:
* issuer = login.microsoftonline.com/f56a3c51/v2.0
* audience = af95fa13 or api://af95fa13
* roles = Staff.Admin | Staff.Tech
*
* DEV: CIAM tenant used as placeholder (staff/client login looks identical).
* The API-level audience isolation is real regardless of tenant.
* These are the correct defaults - also set as env vars on the container:
* Auth__Staff__Instance = https://login.microsoftonline.com/
* Auth__Staff__TenantId = f56a3c51-9b5c-4356-920f-b4dcf932a96b
* Auth__Staff__ClientId = af95fa13-2ef4-4911-b137-7acc6a784cfa
*/
"Staff": {
"Instance": "https://usimclients.ciamlogin.com/",
"TenantId": "891f98f1-ed34-42a1-9b6c-28b0554d92c2",
"ClientId": "STAFF_APP_CLIENT_ID"
"Instance": "https://login.microsoftonline.com/",
"TenantId": "f56a3c51-9b5c-4356-920f-b4dcf932a96b",
"ClientId": "af95fa13-2ef4-4911-b137-7acc6a784cfa"
}
},