Move OIDC config to appsettings.json and add MetadataAddress
Authority, Audience, and MetadataAddress are not secrets so they belong in committed config rather than runtime env vars. MetadataAddress points to the internal Docker URL for JWKS fetch, avoiding nginx hairpinning; it is blanked in Development so the JWT middleware falls back to Authority-based discovery. RequireHttpsMetadata is disabled only when MetadataAddress is set (internal http URL).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -5,10 +5,6 @@ POSTGRES_DB=budget
|
||||
POSTGRES_USER=budget
|
||||
POSTGRES_PASSWORD=changeme
|
||||
|
||||
# Auth
|
||||
AUTH__AUTHORITY=https://auth.stwaddle.com
|
||||
AUTH__AUDIENCE=budget_api
|
||||
|
||||
# Client (baked into Vite build)
|
||||
VITE_AUTH_AUTHORITY=https://auth.stwaddle.com
|
||||
VITE_AUTH_CLIENT_ID=budget-client
|
||||
|
||||
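Review bot: With the AUTH__AUTHORITY and AUTH__AUDIENCE entries leaving this env file (the -5,10 +5,6 header accounts for four dropped lines, which matches the # Auth block), nothing here tells an operator that a leftover AUTH__AUTHORITY in an existing deployment's env file still takes precedence over appsettings.json, because ASP.NET Core's default configuration applies environment variables after the JSON files. Suggest leaving a one-line comment after POSTGRES_PASSWORD saying the Auth settings now live in appsettings.json and that AUTH__* variables should be removed from deployed env files unless an override is intended. Separately, VITE_AUTH_AUTHORITY=https://auth.stwaddle.com stays in this file while the API's Authority moves to committed config, so the issuer is now defined in two places; a comment in the # Client block noting that it must match the API's Authority would help catch drift before it shows up as token validation failures.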