feat: enforce email as primary user identity in SaaS mode

Add SAAS_ADMIN_EMAIL env var (defaults to <user>@<host>). Pass to
bootstrap for admin user creation with primaryEmail. Update README
config reference and .env.example to document the email identity
requirement.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hsiegeln
2026-04-25 20:23:05 +02:00
parent 8227483580
commit b2259328d3
3 changed files with 7 additions and 0 deletions

@@ -27,6 +27,7 @@ services:
PG_DB_SAAS: cameleer_saas
SAAS_ADMIN_USER: ${SAAS_ADMIN_USER:-admin}
SAAS_ADMIN_PASS: ${SAAS_ADMIN_PASS:?SAAS_ADMIN_PASS must be set in .env}
SAAS_ADMIN_EMAIL: ${SAAS_ADMIN_EMAIL:-}
extra_hosts:
# Logto validates M2M tokens by fetching its own JWKS from ENDPOINT.
# Route the public hostname back to the Docker host (Traefik on :443)
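
Review bot: The `SAAS_ADMIN_EMAIL: ${SAAS_ADMIN_EMAIL:-}` line passes an empty string into the container when the variable is unset, so the `<user>@<host>` default named in the commit message is not applied here and depends on the consumer treating an empty value as unset; that handling is not visible in this hunk. Since this address becomes the admin's primary identity, please add a comment beside the line stating what the fallback is and where it is computed. If a derived address is not acceptable for the admin account, make the variable mandatory with the same `:?` form used for `SAAS_ADMIN_PASS` just above, so a missing value fails at startup instead of silently producing a synthesized identity.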