test(e2e): serve the portal + walking-skeleton Playwright e2e (closes #68) #72
@@ -14,9 +14,11 @@ export interface RuntimeConfig {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Build the app providers from runtime config. `redirectUrl` and `secureApiOrigin` are the app's own
|
* Build the app providers from runtime config. `redirectUrl` is the app's own origin (where Keycloak
|
||||||
* origin: the app is served same-origin as the BFF (nginx proxies /self-service + /openbaar), so the
|
* redirects back). The app is served same-origin as the BFF (nginx proxies /self-service + /openbaar),
|
||||||
* api-client's relative calls stay same-origin and the token interceptor attaches to them.
|
* so the api-client uses **relative** URLs — hence `secureRoutes` is the relative `/self-service/`
|
||||||
|
* prefix (the guarded BFF route), not the origin: the interceptor matches on `req.url`, which stays
|
||||||
|
* relative, so an origin would never match and the token would not be attached.
|
||||||
*/
|
*/
|
||||||
export function appConfig(runtime: RuntimeConfig): ApplicationConfig {
|
export function appConfig(runtime: RuntimeConfig): ApplicationConfig {
|
||||||
const origin = typeof window !== 'undefined' ? window.location.origin : '/';
|
const origin = typeof window !== 'undefined' ? window.location.origin : '/';
|
||||||
@@ -28,7 +30,7 @@ export function appConfig(runtime: RuntimeConfig): ApplicationConfig {
|
|||||||
provideDigiadAuth({
|
provideDigiadAuth({
|
||||||
authority: runtime.authority,
|
authority: runtime.authority,
|
||||||
redirectUrl: origin,
|
redirectUrl: origin,
|
||||||
secureApiOrigin: origin,
|
secureRoutes: ['/self-service/'],
|
||||||
}),
|
}),
|
||||||
],
|
],
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -13,8 +13,13 @@ export interface DigiadAuthOptions {
|
|||||||
authority: string;
|
authority: string;
|
||||||
/** Where Keycloak redirects back to after login (usually the app origin). */
|
/** Where Keycloak redirects back to after login (usually the app origin). */
|
||||||
redirectUrl: string;
|
redirectUrl: string;
|
||||||
/** The BFF origin whose requests get the bearer token attached (secure route). */
|
/**
|
||||||
secureApiOrigin: string;
|
* Route prefixes whose requests get the bearer token attached. The api-client calls the BFF with
|
||||||
|
* **relative** URLs (same-origin via the nginx proxy), so these must be relative path prefixes
|
||||||
|
* (e.g. `/self-service/`) — angular-auth-oidc-client matches `req.url.startsWith(route)`, and a
|
||||||
|
* relative `req.url` never starts with an absolute origin.
|
||||||
|
*/
|
||||||
|
secureRoutes: string[];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -35,7 +40,7 @@ export function provideDigiadAuth(options: DigiadAuthOptions): EnvironmentProvid
|
|||||||
responseType: 'code',
|
responseType: 'code',
|
||||||
silentRenew: true,
|
silentRenew: true,
|
||||||
useRefreshToken: true,
|
useRefreshToken: true,
|
||||||
secureRoutes: [options.secureApiOrigin],
|
secureRoutes: options.secureRoutes,
|
||||||
logLevel: LogLevel.Warn,
|
logLevel: LogLevel.Warn,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|||||||
Reference in New Issue
Block a user