{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"Auth": {
"AllowDevBypass": false,
/*
* STAFF IDENTITY - Microsoft Entra ID (positivespend tenant)
*
* App registration: AdPlatform Management Staff API (af95fa13) in positivespend tenant f56a3c51.
* The Tech SPA (846a3677) authenticates against this same tenant and
* requests scope api://af95fa13-.../access_as_user.
*
* Management validates JWTs (GUIDs here are abbreviated to their first eight
* characters; the full values are in "Staff" below):
* issuer = login.microsoftonline.com/f56a3c51/v2.0
* audience = af95fa13 or api://af95fa13
* roles = Staff.Admin | Staff.Tech
*
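* These are the correct defaults - also set as env vars on the container.
* With the default configuration order, environment variables take precedence
* over this file, so a stale or mistyped value there overrides what is written here: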
* Auth__Staff__Instance = https://login.microsoftonline.com/
* Auth__Staff__TenantId = f56a3c51-9b5c-4356-920f-b4dcf932a96b
* Auth__Staff__ClientId = af95fa13-2ef4-4911-b137-7acc6a784cfa
*/
"Staff": {
"Instance": "https://login.microsoftonline.com/",
"TenantId": "f56a3c51-9b5c-4356-920f-b4dcf932a96b",
"ClientId": "af95fa13-2ef4-4911-b137-7acc6a784cfa"
}
},
/*
* GRAPH API — app-only credentials for reading Entra org tenant users.
* Used by AdminAccessController to list platform access users.
*
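* TenantId and ClientId refer to the org tenant (thematrixpoint),
* NOT the CIAM tenant.
* NOTE(review): the TenantId below (f56a3c51-...) is the same value the
* STAFF IDENTITY comment attributes to the positivespend tenant; confirm
* which tenant name is current.
* ClientSecret must be injected via env var; "ClientSecret" stays empty in
* this file so the value is never committed. Prefer a Container Apps secret
* reference over a plain-text env value:
* Graph__ClientSecret = <secret> (Azure Container Apps env var)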
*
* PREREQUISITES (one-time Entra portal steps):
* 1. App registration: AdPlatform Staff (b0f29246-...)
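* 2. API permissions → Microsoft Graph → Application → User.Read.All
*    (app-only: covers every user in the tenant with no signed-in user,
*    so treat the client secret as a high-value credential)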
* 3. Grant admin consent
* 4. Create a client secret → copy value → set Graph__ClientSecret env var
*/
"Graph": {
"TenantId": "f56a3c51-9b5c-4356-920f-b4dcf932a96b",
"ClientId": "b0f29246-91e7-4615-96db-5de9b6f8da2e",
"ClientSecret": ""
}
}