From 4dc5ad491007d157995c8149d3d42a2aaad9fef4 Mon Sep 17 00:00:00 2001
From: Spencer Twaddle <7374698+stwaddle@users.noreply.github.com>
Date: Sat, 2 May 2026 15:57:52 -0500
Subject: [PATCH] Rework client OIDC env vars: rename to VITE_OIDC_*, add
 committed .env

Renames VITE_AUTH_* to VITE_OIDC_* to match the stack convention.
Adds a dedicated VITE_OIDC_POST_LOGOUT_REDIRECT_URI instead of deriving
it from the redirect URI via string replace. Switches from Dockerfile
ARG/ENV to a committed src/Budget.Client/.env so Vite picks up
production values at build time without needing build-arg overrides.
.env.local is gitignored for localhost dev overrides.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .env.example                             | 6 ++----
 .gitignore                               | 5 ++++-
 Dockerfile                               | 8 --------
 src/Budget.Client/.env                   | 4 ++++
 src/Budget.Client/src/auth/authConfig.ts | 8 ++++----
 5 files changed, 14 insertions(+), 17 deletions(-)
 create mode 100644 src/Budget.Client/.env

diff --git a/.env.example b/.env.example
index 1fdbfb0..3ce81b6 100644
--- a/.env.example
+++ b/.env.example
@@ -5,7 +5,5 @@ POSTGRES_DB=budget
 POSTGRES_USER=budget
 POSTGRES_PASSWORD=changeme
 
-# Client (baked into Vite build)
-VITE_AUTH_AUTHORITY=https://auth.stwaddle.com
-VITE_AUTH_CLIENT_ID=budget-client
-VITE_AUTH_REDIRECT_URI=https://budget.stwaddle.com/callback
+# Note: client OIDC values live in src/Budget.Client/.env (committed).
+# Override locally in src/Budget.Client/.env.local (gitignored).
diff --git a/.gitignore b/.gitignore
index add57be..aaffe88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,7 @@ bin/
 obj/
 /packages/
 riderModule.iml
-/_ReSharper.Caches/
\ No newline at end of file
+/_ReSharper.Caches/
+
+# Local dev overrides (contain localhost URLs, not secrets)
+src/Budget.Client/.env.local
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index bc68c4d..87ae264 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,14 +5,6 @@ COPY src/Budget.Client/package*.json ./
 RUN npm ci
 COPY src/Budget.Client/ ./
 
-ARG VITE_AUTH_AUTHORITY=https://auth.stwaddle.com/
-ARG VITE_AUTH_CLIENT_ID=budget-client
-ARG VITE_AUTH_REDIRECT_URI=https://budget.stwaddle.com/callback
-
-ENV VITE_AUTH_AUTHORITY=$VITE_AUTH_AUTHORITY
-ENV VITE_AUTH_CLIENT_ID=$VITE_AUTH_CLIENT_ID
-ENV VITE_AUTH_REDIRECT_URI=$VITE_AUTH_REDIRECT_URI
-
 RUN npm run build
 
 # Stage 2: Build and publish ASP.NET app
diff --git a/src/Budget.Client/.env b/src/Budget.Client/.env
new file mode 100644
index 0000000..b67bff7
--- /dev/null
+++ b/src/Budget.Client/.env
@@ -0,0 +1,4 @@
+VITE_OIDC_AUTHORITY=https://auth.stwaddle.com
+VITE_OIDC_CLIENT_ID=budget-client
+VITE_OIDC_REDIRECT_URI=https://budget.stwaddle.com/callback
+VITE_OIDC_POST_LOGOUT_REDIRECT_URI=https://budget.stwaddle.com
diff --git a/src/Budget.Client/src/auth/authConfig.ts b/src/Budget.Client/src/auth/authConfig.ts
index 1a2acb7..dca0b19 100644
--- a/src/Budget.Client/src/auth/authConfig.ts
+++ b/src/Budget.Client/src/auth/authConfig.ts
@@ -1,11 +1,11 @@
 import type { UserManagerSettings } from 'oidc-client-ts';
 
 export const authConfig: UserManagerSettings = {
-  authority: import.meta.env.VITE_AUTH_AUTHORITY,
-  client_id: import.meta.env.VITE_AUTH_CLIENT_ID,
-  redirect_uri: import.meta.env.VITE_AUTH_REDIRECT_URI,
+  authority: import.meta.env.VITE_OIDC_AUTHORITY,
+  client_id: import.meta.env.VITE_OIDC_CLIENT_ID,
+  redirect_uri: import.meta.env.VITE_OIDC_REDIRECT_URI,
   response_type: 'code',
   scope: 'openid profile email offline_access budget_api',
-  post_logout_redirect_uri: import.meta.env.VITE_AUTH_REDIRECT_URI?.replace('/callback', ''),
+  post_logout_redirect_uri: import.meta.env.VITE_OIDC_POST_LOGOUT_REDIRECT_URI,
   automaticSilentRenew: true,
 };