Update Logto to 1.41 and fix local Admin Console connectivity#1473
Open
axies20 wants to merge 54 commits into
Open
Update Logto to 1.41 and fix local Admin Console connectivity#1473axies20 wants to merge 54 commits into
axies20 wants to merge 54 commits into
Conversation
- Introduced `CommunityToolkit.Aspire.Hosting.Logto` project for integrating Logto with PostgreSQL and Redis. - Added extension methods for configuring Logto containers, health checks, and resource dependencies. - Created test projects for validating Logto container configuration and health checks. - Added example projects under `examples/logto` showcasing Logto integration with PostgreSQL and Redis. - Updated solution file and package references to include the new Logto project.
- Introduced `CommunityToolkit.Aspire.Hosting.Logto.Client` project for integrating Logto client configuration. - Added `LogtoClientBuilder` for seamless setup of Logto client services in `IHostApplicationBuilder`. - Implemented connection string helper for parsing Logto connection strings. - Updated solution and centralized package references to include the new project.
- Introduced `CommunityToolkit.Aspire.Hosting.Logto.ClientApi` under `examples/logto` to demonstrate Logto client integration. - Added project configuration files (`Program.cs`, `appsettings.json`, `launchSettings.json`) for application setup. - Renamed `AddLogtoClient` to `AddLogtoSDKClient` in `LogtoClientBuilder`. - Updated solution and centralized package references to include the new example project and dependencies.
- Introduced a new test project `CommunityToolkit.Aspire.Hosting.Logto.Client.Tests` for validating Logto client behavior. - Added integration and unit tests for `LogtoClientBuilder` and `LogtoConnectionStringHelper`. - Implemented OIDC authentication and JWT bearer support in `LogtoClientBuilder`. - Extended `Program.cs` in `ClientApi` example with authentication routes (`/me`, `/signin`, `/signout`). - Updated dependencies and centralized package references for added functionalities. - Modified project and solution files to include updated references.
- Updated method names from `AddLogtoSDKClient` to `AddLogtoOIDC` for better alignment with OIDC usage. - Enhanced `AddLogtoOIDC` and `AddLogtoJwtBearer` methods to support additional configuration options. - Added `Microsoft.Extensions.DependencyInjection.Abstractions` package reference to support service registration. - Updated tests to reflect the method renaming and new configuration capabilities. - Extended `Program.cs` in the ClientApi example to include `UseAuthentication` and `UseAuthorization`. - Improved consistency and readability of XML documentation across updated methods. - Centralized package references for additional dependencies in `Directory.Packages.props`.
- Changed the `ClientApi` project to `ClientOIDC` for better alignment with OIDC standards. - Updated method signatures in `LogtoClientBuilder` to use `appIndeficator` instead of `appId` and support multiple audience identifiers. - Improved XML documentation consistency for updated methods. - Adjusted solution, project references, and configuration files to reflect the renaming and API changes.
- Introduced `CommunityToolkit.Aspire.Hosting.Logto.ClientJWT` project under `examples/logto` to demonstrate Logto JWT authentication. - Configured authentication and authorization middleware with Logto's JWT Bearer scheme in `Program.cs`. - Added example routes (`/secure` and `/tokens`) for testing secured endpoint access and token retrieval. - Updated `AppHost` to include `ClientJWT` project as a dependency. - Improved XML documentation for `AddLogtoJwtBearer` methods, including updated parameter descriptions and exception handling.
…ommunityToolkit.Aspire.Hosting.Logto.AppHost.csproj Co-authored-by: Aaron Powell <me@aaron-powell.com>
…kit.Aspire.Hosting.Logto.Client.csproj Co-authored-by: Aaron Powell <me@aaron-powell.com>
…t and package configuration files
- Upgraded `Aspire.AppHost.Sdk` from `13.0.0` to `13.2.0` in `examples/logto/CommunityToolkit.Aspire.Hosting.Logto.AppHost.csproj`. - Added `Microsoft.AspNetCore.Authentication.JwtBearer` and `Microsoft.AspNetCore.Authentication.OpenIdConnect` package versions to `Directory.Packages.props`.
…o JWT configuration - Replaced hardcoded API audience with a `const` string in `Program.cs` for improved readability and maintainability.
…ferences - Renamed `CommunityToolkit.Aspire.Hosting.Logto.Client` to `CommunityToolkit.Aspire.Logto.Client` for improved namespace consistency. - Updated all project, namespace, and solution references to reflect the renaming. - Adjusted example projects (`ClientJWT` and `ClientOIDC`) and `AppHost` references accordingly.
…cing in Logto container
…and add support for data volume mapping.
…pHost` project reference to test project
…dom host port assignment.
…ed APIs and tests. Streamline naming for consistency.
…toBuilderExtensions`.
…ommunityToolkit.Aspire.Hosting.Logto.AppHost.csproj
…with OIDC and JWT Bearer configurations. Update APIs, examples, and tests.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This seems to be messing with local dev auth from postgres.
…audience handling.
…ame case sensitivity settings in Logto 1.41; update Logto container tag to v1.41.
…d password check toggling; update tests and docs.
…oint URI scheme and update tests, helper methods, and documentation.
…xamples, tests, and documentation.
Contributor
|
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.sh | bash -s -- 1473Or
iex "& { $(irm https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.ps1) } 1473" |
…o Logto # Conflicts: # CommunityToolkit.Aspire.slnx # Directory.Packages.props # examples/logto/CommunityToolkit.Aspire.Logto.ClientJWT/Program.cs # src/CommunityToolkit.Aspire.Hosting.Logto/LogtoBuilderExtensions.cs # src/CommunityToolkit.Aspire.Hosting.Logto/LogtoResource.cs # src/CommunityToolkit.Aspire.Hosting.Logto/LogtoTags.cs # src/CommunityToolkit.Aspire.Hosting.Logto/README.md # src/CommunityToolkit.Aspire.Logto.Client/CommunityToolkit.Aspire.Logto.Client.csproj # src/CommunityToolkit.Aspire.Logto.Client/LogtoClientBuilder.cs # src/CommunityToolkit.Aspire.Logto.Client/LogtoConnectionStringHelper.cs # src/CommunityToolkit.Aspire.Logto.Client/README.md # tests/CommunityToolkit.Aspire.Hosting.Logto.Tests/ResourceCreationTests.cs # tests/CommunityToolkit.Aspire.Logto.Client.Tests/CommunityToolkit.Aspire.Logto.Client.Tests.csproj # tests/CommunityToolkit.Aspire.Logto.Client.Tests/LogtoClientBuilderIntegrationTests.cs # tests/CommunityToolkit.Aspire.Logto.Client.Tests/LogtoClientBuilderTests.cs # tests/CommunityToolkit.Aspire.Logto.Client.Tests/LogtoConnectionStringHelperTests.cs
axies20
marked this pull request as ready for review
July 16, 2026 00:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Root cause
Aspire exposes the Logto API and Admin Console through separate dynamically allocated localhost proxy ports. Logto 1.41 production CORS handling removes
localhostfrom the allowlist when both its internal Admin URL and an external Admin endpoint are present. As a result, Admin Console requests to Management API endpoints failed preflight withoutAccess-Control-Allow-Origin, preventing resources such as Applications from being created.Starting the container in development mode was not a viable workaround because the packaged Admin Console then proxies to an unavailable Vite development server and returns
503 Service Unavailable.For local Aspire runs, the integration now publishes the Admin endpoint through the equivalent
127.0.0.1loopback address and updates the dashboard link to match. This keeps the normal production container startup, serves the compiled Admin Console, and provides an origin accepted by Logto's production CORS policy.Database upgrade
Logto 1.40 and later require database alterations during an upgrade.
WithDatabaseSeeding()now creates an excluded one-shot setup container that:latestThe setup also supports Logto's
--dapcoption for air-gapped environments where the initial pwned-password check is unavailable.Client changes
LogtoOptionswhen registering OIDC authenticationValidation
Access-Control-Allow-Originmatched the allocated127.0.0.1Admin Console origingit diff --check: passedNotes
WithSensitiveUsername(...)is marked obsolete becauseCASE_SENSITIVE_USERNAMEis deprecated in Logto 1.41 in favor of per-tenant username policy configuration.