feat: unify admin identity — SAAS_ADMIN_USER is the email in SaaS mode

Move deployment mode question before admin credentials so the installer can validate email format in SaaS mode. Remove separate SAAS_ADMIN_EMAIL — the admin user value IS the email address. In standalone mode, any username is still accepted. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-25 20:45:25 +02:00
parent 0da26160c6
commit 21ea9515a2
5 changed files with 71 additions and 57 deletions
--- a/README.md
+++ b/README.md
@@ -84,11 +84,10 @@ Settings can be provided via CLI flags, environment variables, config file (`cam

 | Setting | CLI Flag | Env Var | Config Key | Default |
 |---------|----------|---------|------------|---------|
-| Admin username | `--admin-user` | `SAAS_ADMIN_USER` | `admin_user` | `admin` |
+| Admin login | `--admin-user` | `SAAS_ADMIN_USER` | `admin_user` | `admin` (standalone) / `admin@<PUBLIC_HOST>` (SaaS) |
 | Admin password | `--admin-password` | `SAAS_ADMIN_PASS` | `admin_password` | auto-generated |
-| Admin email | `--admin-email` | `SAAS_ADMIN_EMAIL` | `admin_email` | `<username>@<PUBLIC_HOST>` |

-Email is the primary user identity in SaaS mode. All users — including the admin — must have an email address. If `SAAS_ADMIN_EMAIL` is not set, the bootstrap derives it from `<SAAS_ADMIN_USER>@<PUBLIC_HOST>`.
+In SaaS mode, `SAAS_ADMIN_USER` must be an email address — it is used as both the Logto username and primaryEmail. The installer validates email format in SaaS mode and auto-appends `@<PUBLIC_HOST>` if the `@` is missing. In standalone mode, any username is accepted.

 In standalone mode, the env vars are `SERVER_ADMIN_USER` / `SERVER_ADMIN_PASS`.