Phase 10: Logto OIDC Integration & Bootstrap Automation #36

Closed
opened 2026-04-07 12:31:55 +02:00 by claude · 0 comments
Owner

Tracks the auth overhaul work done between Phase 9 (Frontend Shell) and the current state. This phase replaced hand-rolled JWT auth with Logto OIDC and built the zero-config bootstrap.

Completed

  • Replace Ed25519 JWT auth with @logto/react SDK
  • Custom sign-in UI (ui/sign-in/) replacing Logto default experience
  • 13 OAuth2 scopes on Logto API resource
  • TenantIsolationInterceptor with fail-closed org_id validation
  • Organization roles (admin/member) with scope assignments
  • platform-admin global role for SaaS owner
  • Custom JWT claim injection (org roles → roles claim)
  • Server SSO via Traditional Web App + OIDC auto-signup
  • Bootstrap script: users, apps, roles, orgs, scopes, branding, server OIDC config
  • BootstrapDataSeeder: tenant, environment, license from bootstrap JSON
  • Path-based routing via Traefik (/platform/*, /server/*, HTTPS)
  • ProtectedRoute fix for Logto SDK isLoading toggle on every getAccessToken
  • Username display from ID token claims
  • License limits key mismatch fix (snake_case alignment)

Key commits

  • 6ccf7f3 — ProtectedRoute spinner fix, TokenSync cleanup
  • 67b35a2 — Logto Custom JWT and server OIDC rolesClaim
  • c96faa4 — Username display, license limits fix, DS v0.1.38

Status: DONE


Reference: cameleer/cameleer-saas#36