From df90814cc369666bb06c1611e209896e62f61a69 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sat, 11 Apr 2026 21:30:41 +0200
Subject: [PATCH] Update OIDC env vars for server's nested oidc.* grouping

Align DockerTenantProvisioner env vars with the server's new
cameleer.server.security.oidc.* namespace:
  CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI
  CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI
  CAMELEER_SERVER_SECURITY_OIDC_AUDIENCE
  CAMELEER_SERVER_SECURITY_OIDC_TLSSKIPVERIFY

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../saas/provisioning/DockerTenantProvisioner.java        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java b/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java
index c530668..96f246d 100644
--- a/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java
+++ b/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java
@@ -199,9 +199,9 @@ public class DockerTenantProvisioner implements TenantProvisioner {
             "CAMELEER_SERVER_TENANT_ID=" + slug,
             "CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN=" + req.licenseToken(),
             "CAMELEER_SERVER_SECURITY_JWTSECRET=cameleer-dev-jwt-secret-change-in-production",
-            "CAMELEER_SERVER_SECURITY_OIDCISSUERURI=" + props.oidcIssuerUri(),
-            "CAMELEER_SERVER_SECURITY_OIDCJWKSETURI=" + props.oidcJwkSetUri(),
-            "CAMELEER_SERVER_SECURITY_OIDCAUDIENCE=https://api.cameleer.local",
+            "CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI=" + props.oidcIssuerUri(),
+            "CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI=" + props.oidcJwkSetUri(),
+            "CAMELEER_SERVER_SECURITY_OIDC_AUDIENCE=https://api.cameleer.local",
             "CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS=" + props.corsOrigins(),
             "CAMELEER_SERVER_LICENSE_TOKEN=" + req.licenseToken(),
             "CAMELEER_SERVER_RUNTIME_ENABLED=true",
@@ -215,7 +215,7 @@ public class DockerTenantProvisioner implements TenantProvisioner {
         ));
         // If no CA bundle exists, fall back to TLS skip for OIDC (self-signed dev)
         if (!java.nio.file.Files.exists(java.nio.file.Path.of("/certs/ca.pem"))) {
-            env.add("CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY=true");
+            env.add("CAMELEER_SERVER_SECURITY_OIDC_TLSSKIPVERIFY=true");
         }
 
         // Primary network = tenant-isolated network