From 423803b303e25a32506087f23c04201d452c0ebb Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sun, 5 Apr 2026 16:38:02 +0200
Subject: [PATCH] fix: use Docker-internal URL for server OIDC issuer in
 bootstrap

Bootstrap was sending LOGTO_PUBLIC_ENDPOINT (http://localhost:3001)
as the OIDC issuer URI to the server. Inside Docker, localhost is
unreachable. Changed to LOGTO_ENDPOINT (http://logto:3001).

Also: .env must set LOGTO_ISSUER_URI=http://logto:3001/oidc (not
localhost) since this env var feeds cameleer3-server's OIDC decoder.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 docker/logto-bootstrap.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/logto-bootstrap.sh b/docker/logto-bootstrap.sh
index c5347ab..6690dc7 100644
--- a/docker/logto-bootstrap.sh
+++ b/docker/logto-bootstrap.sh
@@ -442,7 +442,7 @@ if [ "$SERVER_HEALTHY" = "yes" ] && [ -n "$TRAD_SECRET" ]; then
       -H "Content-Type: application/json" \
       -d "{
         \"enabled\": true,
-        \"issuerUri\": \"$LOGTO_PUBLIC_ENDPOINT/oidc\",
+        \"issuerUri\": \"$LOGTO_ENDPOINT/oidc\",
         \"clientId\": \"$TRAD_ID\",
         \"clientSecret\": \"$TRAD_SECRET\",
         \"autoSignup\": true,