AdPlatform-Server/Management/appsettings.json
Grae Jones b4fd0b6c9e
Aligning CLient ID's
2026-03-23 13:03:08 -07:00


/*
* Base settings for the AdPlatform Management service (ASP.NET Core).
* The secret-bearing keys in this file (Registration:FunctionKey and
* Graph:ClientSecret) are left empty and are documented below as injected
* through environment variables in the Section__Key form.
*/
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
/*
* NOTE(review): "*" turns off ASP.NET Core host filtering, so this app accepts
* any Host header. That is only safe if the proxy or ingress in front of the
* container pins the expected host names - confirm, or list the names here.
*/
"AllowedHosts": "*",
"Auth": {
/*
* Must stay false in every deployed environment. Presumably relaxes
* authentication for local development (inferred from the name - confirm in
* the auth setup code). With the default configuration providers an
* Auth__AllowDevBypass environment variable overrides this value, so the
* container settings need the same review as this file.
*/
"AllowDevBypass": false,
/*
* STAFF IDENTITY - Microsoft Entra ID (positivespend tenant)
*
* App registration: AdPlatform Management Staff API (af95fa13) in the
* positivespend tenant (f56a3c51). af95fa13 and f56a3c51 abbreviate the
* ClientId and TenantId values below.
* The Tech SPA (846a3677) authenticates against this same tenant and
* requests scope api://af95fa13-.../access_as_user.
*
* Management validates JWTs:
* issuer = login.microsoftonline.com/f56a3c51/v2.0
* audience = af95fa13 or api://af95fa13
* roles = Staff.Admin | Staff.Tech
*
* NOTE(review): only Instance, TenantId and ClientId are configured here.
* The accepted audiences and the role requirement are not expressed in this
* file; confirm they are enforced in the authentication/authorization code.
*
* These are the correct defaults - also set as env vars on the container:
* Auth__Staff__Instance = https://login.microsoftonline.com/
* Auth__Staff__TenantId = f56a3c51-9b5c-4356-920f-b4dcf932a96b
* Auth__Staff__ClientId = af95fa13-2ef4-4911-b137-7acc6a784cfa
*
* Tenant and client IDs are identifiers, not credentials, so they may be
* committed; the env vars must carry the same values or token validation
* will use whatever the container supplies instead.
*/
"Staff": {
"Instance": "https://login.microsoftonline.com/",
"TenantId": "f56a3c51-9b5c-4356-920f-b4dcf932a96b",
"ClientId": "af95fa13-2ef4-4911-b137-7acc6a784cfa"
}
},
/*
* GRAPH API - app-only credentials for reading Entra org tenant users.
* Used by AdminAccessController to list platform access users.
* Applies to the "Graph" section at the end of this file.
*
* TenantId and ClientId refer to the org tenant (thematrixpoint),
* NOT the CIAM tenant. ClientSecret must be injected via env var:
* Graph__ClientSecret = <secret> (Azure Container Apps env var)
*
* NOTE(review): Graph:TenantId in this file is f56a3c51-..., the same tenant
* the Staff comment above calls positivespend, while this comment names the
* org tenant as thematrixpoint. Confirm which is right and align the comment
* or the value.
*
* PREREQUISITES (one-time Entra portal steps):
* 1. App registration: AdPlatform Staff (b0f29246-...)
* 2. API permissions -> Microsoft Graph -> Application -> User.Read.All
* 3. Grant admin consent
* 4. Create a client secret, copy the value, set the Graph__ClientSecret env var
*
* User.Read.All as an application permission allows reading every user
* profile in the tenant with no signed-in user, so the client secret is a
* high-value credential: keep it in the platform's secret store rather than
* a plain-text env var value, give it an expiry, and rotate it.
*/
/*
* REGISTRATION API - called by RegistrationClient (typed HttpClient).
* Management proxies /api/registration/* to this service.
*
* BaseUrl: Registration ASP.NET Core container, proxied via nginx.
* Set via env var: Registration__BaseUrl
* FunctionKey: Shared secret validated by ApiKeyAuthFilter on admin endpoints.
* Set via env var: Registration__FunctionKey
* Must match Registration:FunctionKey on the RegServer.
*
* NOTE(review): FunctionKey is intentionally empty in this file. Confirm that
* both Management and the RegServer fail closed (refuse to start or reject
* the request) when the key is empty or unset, so a missing env var cannot
* leave the admin endpoints reachable with a blank key.
*/
"Registration": {
"BaseUrl": "https://portal.positivespend.com/api",
"FunctionKey": ""
},
/* Microsoft Graph app-only client; see the GRAPH API comment earlier in this file. */
"Graph": {
"TenantId": "f56a3c51-9b5c-4356-920f-b4dcf932a96b",
"ClientId": "b0f29246-91e7-4615-96db-5de9b6f8da2e",
/* Intentionally empty: supplied at runtime via Graph__ClientSecret. Never commit a value here. */
"ClientSecret": ""
}
}