portal

platform/portal

Fork 0

Commit Graph

Author	SHA1	Message	Date
sharang	f98d20ef0d	docs(dev): pin AUTH_URL to the tenant subdomain ci / e2e (pull_request) Has been skipped Details ci / image (pull_request) Has been skipped Details ci / shared (pull_request) Successful in 6s Details ci / test (pull_request) Successful in 28s Details Live-stack debugging caught this: Auth.js v5 builds the OAuth redirect_uri from AUTH_URL, NOT from the request Host header, even with AUTH_TRUST_HOST=true. If you visit http://acme.localhost:3000 with AUTH_URL=http://localhost:3000, Keycloak rejects the token exchange because the PKCE cookie was set on acme.localhost but the callback URL Auth.js sent was localhost. Fix in dev: pin AUTH_URL to the subdomain you're testing on. In prod, orca-proxy passes the right host via X-Forwarded-Host and AUTH_URL is set to the apex. Updates .env.example with a long-form note + sets AUTH_URL to the acme tenant so a copy/paste-and-go workflow Just Works. Adds a 'AUTH_URL gotcha' callout to the local-dev section in README. Refs: M5.1	2026-05-19 18:04:27 +02:00
sharang	2961f36cca	fix(dev): point TENANT_REGISTRY_URL at :8090 ci / shared (push) Successful in 6s Details ci / test (push) Successful in 29s Details ci / e2e (push) Has been skipped Details ci / image (push) Has been skipped Details Unblock local dev: Keycloak owns :8080, so tenant-registry shifts to :8090. Prod is functionally unchanged. Refs: M5.1	2026-05-19 09:47:38 +00:00
sharang	21f6d70a32	chore: bootstrap repo scaffolding (M0.1) ci / shared (push) Failing after 6s Details ci / test (push) Failing after 3s Details ci / e2e (push) Has been skipped Details ci / image (push) Has been skipped Details Bootstraps §1.2 scaffolding (README, CONTRIBUTING, CODEOWNERS, CHANGELOG, PR + issue templates, LICENSE, CI workflow, release workflow, commitlint, cliff, .editorconfig, .gitignore, .env.example) and ships a proprietary all-rights-reserved LICENSE naming both founders. Refs: M0.1	2026-05-18 19:15:34 +00:00

Author

SHA1

Message

Date

sharang

f98d20ef0d

docs(dev): pin AUTH_URL to the tenant subdomain

ci / e2e (pull_request) Has been skipped

Details

ci / image (pull_request) Has been skipped

Details

ci / shared (pull_request) Successful in 6s

Details

ci / test (pull_request) Successful in 28s

Details

Live-stack debugging caught this: Auth.js v5 builds the OAuth
redirect_uri from AUTH_URL, NOT from the request Host header, even
with AUTH_TRUST_HOST=true. If you visit http://acme.localhost:3000
with AUTH_URL=http://localhost:3000, Keycloak rejects the token
exchange because the PKCE cookie was set on acme.localhost but the
callback URL Auth.js sent was localhost.

Fix in dev: pin AUTH_URL to the subdomain you're testing on. In prod,
orca-proxy passes the right host via X-Forwarded-Host and AUTH_URL
is set to the apex.

Updates .env.example with a long-form note + sets AUTH_URL to the
acme tenant so a copy/paste-and-go workflow Just Works. Adds a
'AUTH_URL gotcha' callout to the local-dev section in README.

Refs: M5.1

2026-05-19 18:04:27 +02:00

sharang

2961f36cca

fix(dev): point TENANT_REGISTRY_URL at :8090

ci / shared (push) Successful in 6s

Details

ci / test (push) Successful in 29s

Details

ci / e2e (push) Has been skipped

Details

ci / image (push) Has been skipped

Details

Unblock local dev: Keycloak owns :8080, so tenant-registry shifts to :8090. Prod is functionally unchanged.

Refs: M5.1

2026-05-19 09:47:38 +00:00

sharang

21f6d70a32

chore: bootstrap repo scaffolding (M0.1)

ci / shared (push) Failing after 6s

Details

ci / test (push) Failing after 3s

Details

ci / e2e (push) Has been skipped

Details

ci / image (push) Has been skipped

Details

Bootstraps §1.2 scaffolding (README, CONTRIBUTING, CODEOWNERS, CHANGELOG, PR + issue templates, LICENSE, CI workflow, release workflow, commitlint, cliff, .editorconfig, .gitignore, .env.example) and ships a proprietary all-rights-reserved LICENSE naming both founders.

Refs: M0.1

2026-05-18 19:15:34 +00:00

3 Commits