docs: Logto admin credentials + branding design spec
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -0,0 +1,66 @@
|
||||
# Logto Admin Credentials + Sign-In Branding
|
||||
|
||||
## Problem
|
||||
|
||||
1. Logto admin console and SaaS platform have separate credentials — unnecessary complexity for operators
|
||||
2. Logto's sign-in page uses default Logto branding, not Cameleer's theme
|
||||
|
||||
## Solution
|
||||
|
||||
### Admin Credentials
|
||||
|
||||
Reuse the SaaS admin user for Logto console access. The bootstrap assigns the Logto admin tenant management role to the SaaS admin user, so `SAAS_ADMIN_USER`/`SAAS_ADMIN_PASS` works for both the platform and the Logto console.
|
||||
|
||||
**Bootstrap change:** After creating the SaaS admin user, assign them to Logto's `admin` tenant with the management role:
|
||||
```sh
|
||||
# Assign admin tenant management role to SaaS owner
|
||||
ADMIN_MGMT_ROLE_ID=$(api_get "/api/roles" | jq -r '.[] | select(.name == "admin:admin") | .id')
|
||||
if [ -n "$ADMIN_MGMT_ROLE_ID" ]; then
|
||||
api_post "/api/users/$ADMIN_USER_ID/roles" "{\"roleIds\": [\"$ADMIN_MGMT_ROLE_ID\"]}"
|
||||
log "SaaS admin granted Logto console access."
|
||||
fi
|
||||
```
|
||||
|
||||
### Sign-In Branding
|
||||
|
||||
Configure Logto's sign-in experience via `PATCH /api/sign-in-exp` during bootstrap.
|
||||
|
||||
**Colors** (from `@cameleer/design-system`):
|
||||
- Primary: `#C6820E` (amber)
|
||||
- Dark primary: `#D4941E`
|
||||
- Dark mode enabled
|
||||
|
||||
**Logo**: Served from SaaS app at `/platform/logo.svg` and `/platform/logo-dark.svg`. Files live in `ui/public/`.
|
||||
|
||||
**Custom CSS**: Override fonts and button styles to match Cameleer theme.
|
||||
|
||||
**Bootstrap API call:**
|
||||
```sh
|
||||
api_patch "/api/sign-in-exp" "{
|
||||
\"color\": {
|
||||
\"primaryColor\": \"#C6820E\",
|
||||
\"isDarkModeEnabled\": true,
|
||||
\"darkPrimaryColor\": \"#D4941E\"
|
||||
},
|
||||
\"branding\": {
|
||||
\"logoUrl\": \"${PROTO}://${HOST}/platform/logo.svg\",
|
||||
\"darkLogoUrl\": \"${PROTO}://${HOST}/platform/logo-dark.svg\"
|
||||
}
|
||||
}"
|
||||
```
|
||||
|
||||
## Files to Modify
|
||||
|
||||
- `docker/logto-bootstrap.sh`:
|
||||
- Add `api_patch` helper function (PATCH method, like `api_put` but with PATCH)
|
||||
- New phase: assign admin tenant role to SaaS admin user
|
||||
- New phase: configure sign-in experience branding
|
||||
- `ui/public/logo.svg` — NEW, Cameleer logo for light mode
|
||||
- `ui/public/logo-dark.svg` — NEW, Cameleer logo for dark mode
|
||||
|
||||
## Customer Experience
|
||||
|
||||
Customer sets `SAAS_ADMIN_USER` and `SAAS_ADMIN_PASS` in `.env`. After `docker compose up`:
|
||||
- Login to SaaS platform at `/platform/` with those credentials
|
||||
- Login to Logto console at port 3002 with the same credentials
|
||||
- Sign-in page shows Cameleer branding automatically
|
||||
Reference in New Issue
Block a user