feat: unify admin identity — SAAS_ADMIN_USER is the email in SaaS mode

In SaaS mode, SAAS_ADMIN_USER must be an email address. It's used as both the Logto username and primaryEmail. No separate SAAS_ADMIN_EMAIL. Installer enforces email format in SaaS mode (moved deployment mode question before admin credentials), accepts any username in standalone. Sign-in form label changed to "Login". Removes SAAS_ADMIN_EMAIL from bootstrap, compose template, installers, and all documentation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-25 20:46:24 +02:00
parent 929e7d5aed
commit 8fe18c7f83
8 changed files with 13 additions and 16 deletions
--- a/src/main/java/net/siegeln/cameleer/saas/config/CLAUDE.md
+++ b/src/main/java/net/siegeln/cameleer/saas/config/CLAUDE.md
@@ -2,7 +2,7 @@

 ## User identity

-**Email is the primary user identity** in SaaS mode. All users must have an email address — Logto enforces this via `signUp.identifiers: ["email"]` when registration is enabled. The bootstrap creates the admin user with `primaryEmail` set to `SAAS_ADMIN_EMAIL` (defaults to `<SAAS_ADMIN_USER>@<PUBLIC_HOST>`). Self-service registration requires email verification via a configured email connector (vendor UI at `/vendor/email`).
+**Email is the primary user identity** in SaaS mode. All users must have an email address — Logto enforces this via `signUp.identifiers: ["email"]` when registration is enabled. `SAAS_ADMIN_USER` IS the email address (no separate `SAAS_ADMIN_EMAIL`). The bootstrap creates the admin user with `SAAS_ADMIN_USER` as both username and `primaryEmail`. The installer enforces email format in SaaS mode. Self-service registration requires email verification via a configured email connector (vendor UI at `/vendor/email`).

 ## Auth enforcement