- CLAUDE.md: add bootstrap phase listing, document 13 scopes (10 platform + 3 server), server role mapping via scope claim, admin console access, sign-in branding
- Mark server-role-mapping and logto-admin-branding specs as implemented

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2.4 KiB
Logto Admin Credentials + Sign-In Branding — IMPLEMENTED
Problem
- Logto admin console and SaaS platform have separate credentials — unnecessary complexity for operators
- Logto's sign-in page uses default Logto branding, not Cameleer's theme
Solution
Admin Credentials
Reuse the SaaS admin user for Logto console access. The bootstrap assigns the Logto admin tenant management role to the SaaS admin user, so SAAS_ADMIN_USER/SAAS_ADMIN_PASS works for both the platform and the Logto console.
Bootstrap change: After creating the SaaS admin user, assign them to Logto's admin tenant with the management role:
# Assign admin tenant management role to SaaS owner
ADMIN_MGMT_ROLE_ID=$(api_get "/api/roles" | jq -r '.[] | select(.name == "admin:admin") | .id')
if [ -n "$ADMIN_MGMT_ROLE_ID" ]; then
  api_post "/api/users/$ADMIN_USER_ID/roles" "{\"roleIds\": [\"$ADMIN_MGMT_ROLE_ID\"]}"
  log "SaaS admin granted Logto console access."
fi
Sign-In Branding
Configure Logto's sign-in experience via PATCH /api/sign-in-exp during bootstrap.
Colors (from @cameleer/design-system):
- Primary: #C6820E (amber)
- Dark primary: #D4941E
- Dark mode enabled
Logo: Served from SaaS app at /platform/logo.svg and /platform/logo-dark.svg. Files live in ui/public/.
Custom CSS: Override fonts and button styles to match Cameleer theme.
Bootstrap API call:
api_patch "/api/sign-in-exp" "{
  \"color\": {
    \"primaryColor\": \"#C6820E\",
    \"isDarkModeEnabled\": true,
    \"darkPrimaryColor\": \"#D4941E\"
  },
  \"branding\": {
    \"logoUrl\": \"${PROTO}://${HOST}/platform/logo.svg\",
    \"darkLogoUrl\": \"${PROTO}://${HOST}/platform/logo-dark.svg\"
  }
}"
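An added example, not part of the project's bootstrap script: a variant of this phase that validates PROTO and HOST before they are interpolated into the JSON body, so a malformed value in .env cannot change the payload or the logo URL the sign-in page loads. The function names, LOGTO_ENDPOINT and TOKEN are assumptions; api_patch follows the spec's description (like api_put, but PATCH). Bracketed IPv6 hosts are not handled.

```shell
#!/bin/sh
# Added example, not the project's code.
# Assumed names: valid_host, build_branding_payload, configure_branding,
# LOGTO_ENDPOINT, TOKEN.

# Accept only hostname[:port]. Rejects quotes, slashes, '@', whitespace and
# anything else that could alter the JSON string or the URL authority.
valid_host() {
  case "$1" in
    ''|[-.:]*|*[!A-Za-z0-9.:-]*) return 1 ;;
  esac
  return 0
}

# Print the PATCH body for /api/sign-in-exp, or fail with no output on stdout.
build_branding_payload() {
  proto=$1
  host=$2
  case "$proto" in
    http|https) ;;
    *) echo "refusing PROTO '$proto'" >&2; return 1 ;;
  esac
  valid_host "$host" || { echo "refusing HOST '$host'" >&2; return 1; }
  base="$proto://$host/platform"
  printf '{"color":{"primaryColor":"#C6820E","isDarkModeEnabled":true,"darkPrimaryColor":"#D4941E"},'
  printf '"branding":{"logoUrl":"%s/logo.svg","darkLogoUrl":"%s/logo-dark.svg"}}\n' "$base" "$base"
}

# PATCH helper in the shape the spec describes (like api_put, but PATCH).
# -f makes curl exit non-zero on an HTTP error so the bootstrap can stop.
api_patch() {
  curl -fsS -X PATCH \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "$2" "${LOGTO_ENDPOINT}$1"
}

# Bootstrap phase: build first, send only if validation passed.
configure_branding() {
  payload=$(build_branding_payload "$PROTO" "$HOST") || return 1
  api_patch "/api/sign-in-exp" "$payload"
}
```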
Files to Modify
- docker/logto-bootstrap.sh:
  - Add api_patch helper function (PATCH method, like api_put but with PATCH)
  - New phase: assign admin tenant role to SaaS admin user
  - New phase: configure sign-in experience branding
- Add:
  - ui/public/logo.svg — NEW, Cameleer logo for light mode
  - ui/public/logo-dark.svg — NEW, Cameleer logo for dark mode
Customer Experience
Customer sets SAAS_ADMIN_USER and SAAS_ADMIN_PASS in .env. After docker compose up:
- Log in to the SaaS platform at /platform/ with those credentials
- Log in to the Logto console at port 3002 with the same credentials
- Sign-in page shows Cameleer branding automatically