# Logto Admin Credentials + Sign-In Branding — IMPLEMENTED

## Problem

1. Logto admin console and SaaS platform have separate credentials — unnecessary complexity for operators
2. Logto's sign-in page uses default Logto branding, not Cameleer's theme

## Solution

### Admin Credentials

Reuse the SaaS admin user for Logto console access. The bootstrap assigns the Logto admin tenant management role to the SaaS admin user, so `SAAS_ADMIN_USER`/`SAAS_ADMIN_PASS` works for both the platform and the Logto console.

**Bootstrap change:** After creating the SaaS admin user, assign them to Logto's `admin` tenant with the management role:

```sh
# Assign admin tenant management role to SaaS owner
ADMIN_MGMT_ROLE_ID=$(api_get "/api/roles" | jq -r '.[] | select(.name == "admin:admin") | .id')
if [ -n "$ADMIN_MGMT_ROLE_ID" ]; then
  api_post "/api/users/$ADMIN_USER_ID/roles" "{\"roleIds\": [\"$ADMIN_MGMT_ROLE_ID\"]}"
  log "SaaS admin granted Logto console access."
fi
```

### Sign-In Branding

Configure Logto's sign-in experience via `PATCH /api/sign-in-exp` during bootstrap.

**Colors** (from `@cameleer/design-system`):

- Primary: `#C6820E` (amber)
- Dark primary: `#D4941E`
- Dark mode enabled

**Logo**: Served from SaaS app at `/platform/logo.svg` and `/platform/logo-dark.svg`. Files live in `ui/public/`.

**Custom CSS**: Override fonts and button styles to match Cameleer theme.

**Bootstrap API call:**

```sh
api_patch "/api/sign-in-exp" "{
  \"color\": {
    \"primaryColor\": \"#C6820E\",
    \"isDarkModeEnabled\": true,
    \"darkPrimaryColor\": \"#D4941E\"
  },
  \"branding\": {
    \"logoUrl\": \"${PROTO}://${HOST}/platform/logo.svg\",
    \"darkLogoUrl\": \"${PROTO}://${HOST}/platform/logo-dark.svg\"
  }
}"
```

## Files to Modify

- `docker/logto-bootstrap.sh`:
  - Add `api_patch` helper function (PATCH method, like `api_put` but with PATCH)
  - New phase: assign admin tenant role to SaaS admin user
  - New phase: configure sign-in experience branding
- `ui/public/logo.svg` — NEW, Cameleer logo for light mode
- `ui/public/logo-dark.svg` — NEW, Cameleer logo for dark mode

## Customer Experience

Customer sets `SAAS_ADMIN_USER` and `SAAS_ADMIN_PASS` in `.env`. After `docker compose up`:

- Log in to the SaaS platform at `/platform/` with those credentials
- Log in to the Logto console at port 3002 with the same credentials
- Sign-in page shows Cameleer branding automatically
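
The branding call in the Sign-In Branding section interpolates `${PROTO}` and `${HOST}` directly into a JSON string and into the logo URLs the sign-in page loads. As an added example (not part of `docker/logto-bootstrap.sh`; `valid_origin` and `build_sign_in_exp_payload` are hypothetical helper names), this builds the same payload only after both values pass an allowlist check:

```shell
# Added example; valid_origin and build_sign_in_exp_payload are hypothetical
# helpers, not functions from docker/logto-bootstrap.sh.

# Accept only http/https and a host made of hostname characters with an
# optional numeric port, so the values cannot close the JSON string or change
# the scheme of the logo URLs. (Bracketed IPv6 literals are rejected.)
valid_origin() {
  case "$1" in
    http|https) ;;
    *) return 1 ;;
  esac
  case "$2" in
    ''|*[!A-Za-z0-9.:-]*) return 1 ;;   # empty, or a character outside the set
    .*|-*|:*|*:) return 1 ;;            # bad first character or dangling colon
    *:*:*) return 1 ;;                  # more than one colon
    *:*) case "${2##*:}" in *[!0-9]*) return 1 ;; esac ;;  # port must be digits
  esac
  return 0
}

# Print the PATCH /api/sign-in-exp body for the given PROTO and HOST.
build_sign_in_exp_payload() {
  proto=$1
  host=$2
  if ! valid_origin "$proto" "$host"; then
    echo "refusing to build branding payload: invalid PROTO or HOST" >&2
    return 1
  fi
  base="${proto}://${host}"
  printf '{"color":{"primaryColor":"%s","isDarkModeEnabled":true,"darkPrimaryColor":"%s"},"branding":{"logoUrl":"%s/platform/logo.svg","darkLogoUrl":"%s/platform/logo-dark.svg"}}\n' \
    '#C6820E' '#D4941E' "$base" "$base"
}

# In the bootstrap this would feed the page's api_patch helper:
#   api_patch "/api/sign-in-exp" "$(build_sign_in_exp_payload "$PROTO" "$HOST")"
```

A rejected value makes the function return non-zero and print nothing on stdout, so the bootstrap can stop before sending a malformed branding request.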