From b3ac8a6bcc635002e4f9c491d16bcd85c03070a5 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Mon, 6 Apr 2026 23:46:36 +0200
Subject: [PATCH] fix: set admin tenant sign-in mode to SignIn after user creation

Admin tenant defaults to Register mode (onboarding flow). Since we create the admin user via API, we need to switch to SignIn mode so the custom sign-in UI can authenticate against the admin console.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 docker/logto-bootstrap.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker/logto-bootstrap.sh b/docker/logto-bootstrap.sh
index fed3277..6cd4e54 100644
--- a/docker/logto-bootstrap.sh
+++ b/docker/logto-bootstrap.sh
@@ -408,6 +408,10 @@ else
 curl -s -X POST -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3002" \
 -d "$2" "${LOGTO_ADMIN_ENDPOINT}${1}" 2>/dev/null || true
 }
+ admin_api_patch() {
+ curl -s -X PATCH -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3002" \
+ -d "$2" "${LOGTO_ADMIN_ENDPOINT}${1}" 2>/dev/null || true
+ }
 # Check if admin user already exists on admin tenant
 ADMIN_TENANT_USER_ID=$(admin_api_get "/api/users?search=$SAAS_ADMIN_USER" | jq -r ".[] | select(.username == \"$SAAS_ADMIN_USER\") | .id" 2>/dev/null)
@@ -449,6 +453,10 @@ if [ -n "$ADMIN_TENANT_USER_ID" ] && [ "$ADMIN_TENANT_USER_ID" != "null" ]; then
 admin_api_post "/api/organizations/t-default/users/$ADMIN_TENANT_USER_ID/roles" "{\"organizationRoleIds\": [\"$TENANT_ADMIN_ORG_ROLE_ID\"]}" >/dev/null 2>&1
 log "Added to t-default organization with admin role."
 fi
+ # Switch admin tenant sign-in mode from Register to SignIn (user already created)
+ admin_api_patch "/api/sign-in-exp" '{"signInMode": "SignIn"}' >/dev/null 2>&1
+ log "Set admin tenant sign-in mode to SignIn."
+
 log "SaaS admin granted Logto console access."
 else
 log "WARNING: Could not create admin console user"
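Review bot: `admin_api_patch` puts the admin bearer token on curl's command line (`-H "Authorization: Bearer $ADMIN_TOKEN"`), where it can be read from the process list while the request runs. The helper mirrors the POST helper directly above it (whose opening line is outside the hunk), so the same applies there. Supplying the header on stdin keeps it out of argv, for example `printf 'Authorization: Bearer %s\n' "$ADMIN_TOKEN" | curl -s -X PATCH -H @- ...`, which needs curl 7.55.0 or newer and relies on `printf` being a shell builtin. A one-line comment above the helper stating that errors are deliberately swallowed (`2>/dev/null || true`) would also tell callers that they must check the response body themselves.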
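Review bot: The `log "Set admin tenant sign-in mode to SignIn."` line runs unconditionally, while the PATCH before it discards its response (`>/dev/null 2>&1`) and the `admin_api_patch` helper from the first hunk ends in `|| true`, so a rejected or failed request is still reported as success. In that case the admin tenant would stay in Register mode, which the commit message describes as the onboarding flow, with nothing in the bootstrap output to show it. Checking the returned `signInMode` before logging closes that gap; this assumes the endpoint echoes the updated settings, which is not visible here and should be confirmed. The enclosing `if`/`else` starts before the hunk and ends after it.

```shell
# Switch admin tenant sign-in mode from Register to SignIn (user already created)
SIGN_IN_MODE=$(admin_api_patch "/api/sign-in-exp" '{"signInMode": "SignIn"}' | jq -r '.signInMode // empty' 2>/dev/null || true)
if [ "$SIGN_IN_MODE" = "SignIn" ]; then
  log "Set admin tenant sign-in mode to SignIn."
else
  # Surface the failure: the tenant may still be in Register mode
  log "WARNING: Could not confirm admin tenant sign-in mode is SignIn"
fi
# … unchanged: "SaaS admin granted Logto console access." log and the else branch …
```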