{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"Auth": {
"AllowDevBypass": false,
/*
 * STAFF IDENTITY — Entra External ID (dev) / Entra org tenant (prod)
 *
 * PRODUCTION MIGRATION: update these three environment variables only.
 * No code changes required.
 *
 *   Auth__Staff__Instance → https://login.microsoftonline.com/
 *   Auth__Staff__TenantId → new company org tenant ID
 *   Auth__Staff__ClientId → staff app registration in org tenant
 *
 * DEV: the CIAM tenant is used as a placeholder, so staff and client login
 * look identical. The API-level audience isolation is real regardless of
 * tenant: it does not depend on which tenant issues the token.
 *
 * Environment variables override this file, so when migrating also confirm
 * that Auth__AllowDevBypass is not set to true in the production environment
 * (presumably it relaxes authentication for local development).
 */
"Staff": {
"Instance": "https://usimclients.ciamlogin.com/",
"TenantId": "891f98f1-ed34-42a1-9b6c-28b0554d92c2",
"ClientId": "STAFF_APP_CLIENT_ID"
}
},
/*
 * GRAPH API — app-only credentials for reading Entra org tenant users.
 * Used by AdminAccessController to list platform access users.
 *
 * TenantId and ClientId refer to the org tenant (thematrixpoint),
 * NOT the CIAM tenant. ClientSecret stays empty in this file and must be
 * injected via env var:
 *   Graph__ClientSecret = <secret>  (Azure Container Apps env var)
 *
 * PREREQUISITES (one-time Entra portal steps):
 *   1. App registration: AdPlatform Staff (b0f29246-...)
 *   2. API permissions → Microsoft Graph → Application → User.Read.All
 *   3. Grant admin consent
 *   4. Create a client secret → copy value → set Graph__ClientSecret env var
 *
 * NOTE: User.Read.All as an application permission lets this app read every
 * user profile in the org tenant without a signed-in user. Treat the secret
 * as a tenant-wide read credential: keep it out of source control, store it
 * as a Container Apps secret rather than a plain env value, and rotate it
 * before it expires.
 */
"Graph": {
"TenantId": "0be4c23a-6941-4bdb-b397-a4faf88de4b3",
"ClientId": "b0f29246-91e7-4615-96db-5de9b6f8da2e",
"ClientSecret": ""
}
}