Skip to content

Update Logto to 1.41 and fix local Admin Console connectivity#1473

Open
axies20 wants to merge 54 commits into
CommunityToolkit:mainfrom
axies20:Logto
Open

Update Logto to 1.41 and fix local Admin Console connectivity#1473
axies20 wants to merge 54 commits into
CommunityToolkit:mainfrom
axies20:Logto

Conversation

@axies20

@axies20 axies20 commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Summary

  • update the Logto container integration from 1.39 to 1.41
  • configure CORS-safe local Admin Console URLs for Aspire proxy endpoints
  • automatically populate the public Logto and Admin endpoint URLs after Aspire allocates ports
  • run database seeding and required schema alterations in a one-shot setup container before Logto starts
  • preserve the complete Logto OIDC option set and validate connection endpoint schemes
  • add JWT bearer, OIDC, connection string, endpoint, migration, and resource model tests
  • document Logto 1.41 upgrade requirements, local CORS behavior, air-gapped setup, and deprecated username configuration

Root cause

Aspire exposes the Logto API and Admin Console through separate dynamically allocated localhost proxy ports. Logto 1.41 production CORS handling removes localhost from the allowlist when both its internal Admin URL and an external Admin endpoint are present. As a result, Admin Console requests to Management API endpoints failed preflight without Access-Control-Allow-Origin, preventing resources such as Applications from being created.

Starting the container in development mode was not a viable workaround because the packaged Admin Console then proxies to an unavailable Vite development server and returns 503 Service Unavailable.

For local Aspire runs, the integration now publishes the Admin endpoint through the equivalent 127.0.0.1 loopback address and updates the dashboard link to match. This keeps the normal production container startup, serves the compiled Admin Console, and provides an origin accepted by Logto's production CORS policy.

Database upgrade

Logto 1.40 and later require database alterations during an upgrade. WithDatabaseSeeding() now creates an excluded one-shot setup container that:

  1. waits for PostgreSQL
  2. seeds the Logto database
  3. deploys alterations through latest
  4. exits successfully before the main Logto resource starts

The setup also supports Logto's --dapc option for air-gapped environments where the initial pwned-password check is unavailable.

Client changes

  • preserve all configured LogtoOptions when registering OIDC authentication
  • validate that configured endpoints use HTTP or HTTPS
  • cover JWT bearer authority, audience, metadata and custom configuration behavior

Validation

  • Logto client tests: 26 passed
  • Logto AppHost build: succeeded with 0 warnings and 0 errors
  • Logto 1.41 setup container: exited with code 0
  • Logto resource: healthy
  • Admin Console request: HTTP 200
  • Management API CORS preflight: HTTP 204
  • Access-Control-Allow-Origin matched the allocated 127.0.0.1 Admin Console origin
  • git diff --check: passed

Notes

WithSensitiveUsername(...) is marked obsolete because CASE_SENSITIVE_USERNAME is deprecated in Logto 1.41 in favor of per-tenant username policy configuration.

axies20 and others added 30 commits December 1, 2025 01:12
- Introduced `CommunityToolkit.Aspire.Hosting.Logto` project for integrating Logto with PostgreSQL and Redis.
- Added extension methods for configuring Logto containers, health checks, and resource dependencies.
- Created test projects for validating Logto container configuration and health checks.
- Added example projects under `examples/logto` showcasing Logto integration with PostgreSQL and Redis.
- Updated solution file and package references to include the new Logto project.
- Introduced `CommunityToolkit.Aspire.Hosting.Logto.Client` project for integrating Logto client configuration.
- Added `LogtoClientBuilder` for seamless setup of Logto client services in `IHostApplicationBuilder`.
- Implemented connection string helper for parsing Logto connection strings.
- Updated solution and centralized package references to include the new project.
- Introduced `CommunityToolkit.Aspire.Hosting.Logto.ClientApi` under `examples/logto` to demonstrate Logto client integration.
- Added project configuration files (`Program.cs`, `appsettings.json`, `launchSettings.json`) for application setup.
- Renamed `AddLogtoClient` to `AddLogtoSDKClient` in `LogtoClientBuilder`.
- Updated solution and centralized package references to include the new example project and dependencies.
- Introduced a new test project `CommunityToolkit.Aspire.Hosting.Logto.Client.Tests` for validating Logto client behavior.
- Added integration and unit tests for `LogtoClientBuilder` and `LogtoConnectionStringHelper`.
- Implemented OIDC authentication and JWT bearer support in `LogtoClientBuilder`.
- Extended `Program.cs` in `ClientApi` example with authentication routes (`/me`, `/signin`, `/signout`).
- Updated dependencies and centralized package references for added functionalities.
- Modified project and solution files to include updated references.
- Updated method names from `AddLogtoSDKClient` to `AddLogtoOIDC` for better alignment with OIDC usage.
- Enhanced `AddLogtoOIDC` and `AddLogtoJwtBearer` methods to support additional configuration options.
- Added `Microsoft.Extensions.DependencyInjection.Abstractions` package reference to support service registration.
- Updated tests to reflect the method renaming and new configuration capabilities.
- Extended `Program.cs` in the ClientApi example to include `UseAuthentication` and `UseAuthorization`.
- Improved consistency and readability of XML documentation across updated methods.
- Centralized package references for additional dependencies in `Directory.Packages.props`.
- Changed the `ClientApi` project to `ClientOIDC` for better alignment with OIDC standards.
- Updated method signatures in `LogtoClientBuilder` to use `appIndeficator` instead of `appId` and support multiple audience identifiers.
- Improved XML documentation consistency for updated methods.
- Adjusted solution, project references, and configuration files to reflect the renaming and API changes.
- Introduced `CommunityToolkit.Aspire.Hosting.Logto.ClientJWT` project under `examples/logto` to demonstrate Logto JWT authentication.
- Configured authentication and authorization middleware with Logto's JWT Bearer scheme in `Program.cs`.
- Added example routes (`/secure` and `/tokens`) for testing secured endpoint access and token retrieval.
- Updated `AppHost` to include `ClientJWT` project as a dependency.
- Improved XML documentation for `AddLogtoJwtBearer` methods, including updated parameter descriptions and exception handling.
…ommunityToolkit.Aspire.Hosting.Logto.AppHost.csproj

Co-authored-by: Aaron Powell <me@aaron-powell.com>
…kit.Aspire.Hosting.Logto.Client.csproj

Co-authored-by: Aaron Powell <me@aaron-powell.com>
- Upgraded `Aspire.AppHost.Sdk` from `13.0.0` to `13.2.0` in `examples/logto/CommunityToolkit.Aspire.Hosting.Logto.AppHost.csproj`.
- Added `Microsoft.AspNetCore.Authentication.JwtBearer` and `Microsoft.AspNetCore.Authentication.OpenIdConnect` package versions to `Directory.Packages.props`.
…o JWT configuration

- Replaced hardcoded API audience with a `const` string in `Program.cs` for improved readability and maintainability.
…ferences

- Renamed `CommunityToolkit.Aspire.Hosting.Logto.Client` to `CommunityToolkit.Aspire.Logto.Client` for improved namespace consistency.
- Updated all project, namespace, and solution references to reflect the renaming.
- Adjusted example projects (`ClientJWT` and `ClientOIDC`) and `AppHost` references accordingly.
…ed APIs and tests. Streamline naming for consistency.
axies20 and others added 19 commits May 26, 2026 00:50
…ommunityToolkit.Aspire.Hosting.Logto.AppHost.csproj
…with OIDC and JWT Bearer configurations. Update APIs, examples, and tests.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This seems to be messing with local dev auth from postgres.
…ame case sensitivity settings in Logto 1.41; update Logto container tag to v1.41.
…d password check toggling; update tests and docs.
…oint URI scheme and update tests, helper methods, and documentation.
@github-actions

Copy link
Copy Markdown
Contributor

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.sh | bash -s -- 1473

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/CommunityToolkit/Aspire/main/eng/scripts/dogfood-pr.ps1) } 1473"

axies20 added 4 commits July 16, 2026 02:02
…o Logto

# Conflicts:
#	CommunityToolkit.Aspire.slnx
#	Directory.Packages.props
#	examples/logto/CommunityToolkit.Aspire.Logto.ClientJWT/Program.cs
#	src/CommunityToolkit.Aspire.Hosting.Logto/LogtoBuilderExtensions.cs
#	src/CommunityToolkit.Aspire.Hosting.Logto/LogtoResource.cs
#	src/CommunityToolkit.Aspire.Hosting.Logto/LogtoTags.cs
#	src/CommunityToolkit.Aspire.Hosting.Logto/README.md
#	src/CommunityToolkit.Aspire.Logto.Client/CommunityToolkit.Aspire.Logto.Client.csproj
#	src/CommunityToolkit.Aspire.Logto.Client/LogtoClientBuilder.cs
#	src/CommunityToolkit.Aspire.Logto.Client/LogtoConnectionStringHelper.cs
#	src/CommunityToolkit.Aspire.Logto.Client/README.md
#	tests/CommunityToolkit.Aspire.Hosting.Logto.Tests/ResourceCreationTests.cs
#	tests/CommunityToolkit.Aspire.Logto.Client.Tests/CommunityToolkit.Aspire.Logto.Client.Tests.csproj
#	tests/CommunityToolkit.Aspire.Logto.Client.Tests/LogtoClientBuilderIntegrationTests.cs
#	tests/CommunityToolkit.Aspire.Logto.Client.Tests/LogtoClientBuilderTests.cs
#	tests/CommunityToolkit.Aspire.Logto.Client.Tests/LogtoConnectionStringHelperTests.cs
@axies20
axies20 marked this pull request as ready for review July 16, 2026 00:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants