fix: return browser-accessible Logto URL from /api/config

Separate LOGTO_PUBLIC_ENDPOINT (browser-facing, defaults to http://localhost:3001) from LOGTO_ENDPOINT (Docker-internal). Also fix bootstrap M2M verification by using correct Host header for default tenant token endpoint. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 00:33:43 +02:00
parent a20d36df38
commit beb3442c07
5 changed files with 17 additions and 7 deletions
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -35,6 +35,7 @@ cameleer:
    public-key-path: ${CAMELEER_JWT_PUBLIC_KEY_PATH:}
  identity:
    logto-endpoint: ${LOGTO_ENDPOINT:}
+    logto-public-endpoint: ${LOGTO_PUBLIC_ENDPOINT:}
    m2m-client-id: ${LOGTO_M2M_CLIENT_ID:}
    m2m-client-secret: ${LOGTO_M2M_CLIENT_SECRET:}
    spa-client-id: ${LOGTO_SPA_CLIENT_ID:}