fix: return browser-accessible Logto URL from /api/config

Separate LOGTO_PUBLIC_ENDPOINT (browser-facing, defaults to http://localhost:3001) from LOGTO_ENDPOINT (Docker-internal). Also fix bootstrap M2M verification by using correct Host header for default tenant token endpoint. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 00:33:43 +02:00
parent a20d36df38
commit beb3442c07
5 changed files with 17 additions and 7 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -92,6 +92,7 @@ services:
      SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer}
      SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev}
      LOGTO_ENDPOINT: ${LOGTO_ENDPOINT:-http://logto:3001}
+      LOGTO_PUBLIC_ENDPOINT: ${LOGTO_PUBLIC_ENDPOINT:-http://localhost:3001}
      LOGTO_ISSUER_URI: ${LOGTO_ISSUER_URI:-http://logto:3001/oidc}
      LOGTO_JWK_SET_URI: ${LOGTO_JWK_SET_URI:-http://logto:3001/oidc/jwks}
      LOGTO_M2M_CLIENT_ID: ${LOGTO_M2M_CLIENT_ID:-}