docs: Logto admin credentials + branding design spec
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -0,0 +1,66 @@
|
|||||||
|
# Logto Admin Credentials + Sign-In Branding
|
||||||
|
|
||||||
|
## Problem
|
||||||
|
|
||||||
|
1. Logto admin console and SaaS platform have separate credentials — unnecessary complexity for operators
|
||||||
|
2. Logto's sign-in page uses default Logto branding, not Cameleer's theme
|
||||||
|
|
||||||
|
## Solution
|
||||||
|
|
||||||
|
### Admin Credentials
|
||||||
|
|
||||||
|
Reuse the SaaS admin user for Logto console access. The bootstrap assigns the Logto admin tenant management role to the SaaS admin user, so `SAAS_ADMIN_USER`/`SAAS_ADMIN_PASS` works for both the platform and the Logto console.
|
||||||
|
|
||||||
|
**Bootstrap change:** After creating the SaaS admin user, assign them to Logto's `admin` tenant with the management role:
|
||||||
|
```sh
|
||||||
|
# Assign admin tenant management role to SaaS owner
|
||||||
|
ADMIN_MGMT_ROLE_ID=$(api_get "/api/roles" | jq -r '.[] | select(.name == "admin:admin") | .id')
|
||||||
|
if [ -n "$ADMIN_MGMT_ROLE_ID" ]; then
|
||||||
|
api_post "/api/users/$ADMIN_USER_ID/roles" "{\"roleIds\": [\"$ADMIN_MGMT_ROLE_ID\"]}"
|
||||||
|
log "SaaS admin granted Logto console access."
|
||||||
|
fi
|
||||||
|
```
|
||||||
|
|
||||||
|
### Sign-In Branding
|
||||||
|
|
||||||
|
Configure Logto's sign-in experience via `PATCH /api/sign-in-exp` during bootstrap.
|
||||||
|
|
||||||
|
**Colors** (from `@cameleer/design-system`):
|
||||||
|
- Primary: `#C6820E` (amber)
|
||||||
|
- Dark primary: `#D4941E`
|
||||||
|
- Dark mode enabled
|
||||||
|
|
||||||
|
**Logo**: Served from SaaS app at `/platform/logo.svg` and `/platform/logo-dark.svg`. Files live in `ui/public/`.
|
||||||
|
|
||||||
|
**Custom CSS**: Override fonts and button styles to match Cameleer theme.
|
||||||
|
|
||||||
|
**Bootstrap API call:**
|
||||||
|
```sh
|
||||||
|
api_patch "/api/sign-in-exp" "{
|
||||||
|
\"color\": {
|
||||||
|
\"primaryColor\": \"#C6820E\",
|
||||||
|
\"isDarkModeEnabled\": true,
|
||||||
|
\"darkPrimaryColor\": \"#D4941E\"
|
||||||
|
},
|
||||||
|
\"branding\": {
|
||||||
|
\"logoUrl\": \"${PROTO}://${HOST}/platform/logo.svg\",
|
||||||
|
\"darkLogoUrl\": \"${PROTO}://${HOST}/platform/logo-dark.svg\"
|
||||||
|
}
|
||||||
|
}"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Files to Modify
|
||||||
|
|
||||||
|
- `docker/logto-bootstrap.sh`:
|
||||||
|
- Add `api_patch` helper function (PATCH method, like `api_put` but with PATCH)
|
||||||
|
- New phase: assign admin tenant role to SaaS admin user
|
||||||
|
- New phase: configure sign-in experience branding
|
||||||
|
- `ui/public/logo.svg` — NEW, Cameleer logo for light mode
|
||||||
|
- `ui/public/logo-dark.svg` — NEW, Cameleer logo for dark mode
|
||||||
|
|
||||||
|
## Customer Experience
|
||||||
|
|
||||||
|
Customer sets `SAAS_ADMIN_USER` and `SAAS_ADMIN_PASS` in `.env`. After `docker compose up`:
|
||||||
|
- Login to SaaS platform at `/platform/` with those credentials
|
||||||
|
- Login to Logto console at port 3002 with the same credentials
|
||||||
|
- Sign-in page shows Cameleer branding automatically
|
||||||
Reference in New Issue
Block a user