enhance: add issuer and scope to signJWT, app origins for everything

.github/workflows/cypress-testing.yml

@@ -171,6 +171,15 @@ jobs:
           SERVICE_ENDPOINTS: 'http://127.0.0.1:3000/healthz http://127.0.0.1:3001 http://127.0.0.1:3002 http://127.0.0.1:3003 http://127.0.0.1:3010'
           TIMEOUT_SECONDS: '300'
           CHECK_INTERVAL: '5'
+          # Provide all app origins to the services and tests
+          APP_ORIGIN_API: http://127.0.0.1:3000
+          APP_ORIGIN_AUTH: http://127.0.0.1:3010
+          APP_ORIGIN_LTI: http://127.0.0.1:3005
+          APP_ORIGIN_PWA: http://127.0.0.1:3001
+          APP_ORIGIN_MANAGE: http://127.0.0.1:3002
+          APP_ORIGIN_CONTROL: http://127.0.0.1:3003
+          APP_ORIGIN_ASSESSMENT_API: http://127.0.0.1:3000
+          APP_ORIGIN_ASSESSMENT_PWA: http://127.0.0.1:3001
 
       - name: Cypress run parallel with cypress-split
         uses: cypress-io/github-action@v6
@@ -190,6 +199,15 @@ jobs:
           HATCHET_API_URL: http://127.0.0.1:8888
           HATCHET_TENANT_ID: 707d0855-80ab-4e1f-a156-f1c4546cbf52
           HATCHET_HOST_PORT: 7077
+          # Ensure Cypress process has all origins, too
+          APP_ORIGIN_API: http://127.0.0.1:3000
+          APP_ORIGIN_AUTH: http://127.0.0.1:3010
+          APP_ORIGIN_LTI: http://127.0.0.1:3005
+          APP_ORIGIN_PWA: http://127.0.0.1:3001
+          APP_ORIGIN_MANAGE: http://127.0.0.1:3002
+          APP_ORIGIN_CONTROL: http://127.0.0.1:3003
+          APP_ORIGIN_ASSESSMENT_API: http://127.0.0.1:3000
+          APP_ORIGIN_ASSESSMENT_PWA: http://127.0.0.1:3001
           SPLIT: ${{ strategy.job-total }}
           SPLIT_INDEX: ${{ strategy.job-index }}
           SPLIT_FILE: timings.json
@@ -345,6 +363,15 @@ jobs:
           SERVICE_ENDPOINTS: 'http://127.0.0.1:3000/healthz http://127.0.0.1:3001 http://127.0.0.1:3002 http://127.0.0.1:3003 http://127.0.0.1:3010'
           TIMEOUT_SECONDS: '300'
           CHECK_INTERVAL: '5'
+          # Provide all app origins to the services and tests
+          APP_ORIGIN_API: http://127.0.0.1:3000
+          APP_ORIGIN_AUTH: http://127.0.0.1:3010
+          APP_ORIGIN_LTI: http://127.0.0.1:3005
+          APP_ORIGIN_PWA: http://127.0.0.1:3001
+          APP_ORIGIN_MANAGE: http://127.0.0.1:3002
+          APP_ORIGIN_CONTROL: http://127.0.0.1:3003
+          APP_ORIGIN_ASSESSMENT_API: http://127.0.0.1:3000
+          APP_ORIGIN_ASSESSMENT_PWA: http://127.0.0.1:3001
 
       - name: Upload service logs
         if: always()
@@ -377,6 +404,15 @@ jobs:
           HATCHET_API_URL: http://127.0.0.1:8888
           HATCHET_TENANT_ID: 707d0855-80ab-4e1f-a156-f1c4546cbf52
           HATCHET_HOST_PORT: 7077
+          # Ensure Cypress process has all origins, too
+          APP_ORIGIN_API: http://127.0.0.1:3000
+          APP_ORIGIN_AUTH: http://127.0.0.1:3010
+          APP_ORIGIN_LTI: http://127.0.0.1:3005
+          APP_ORIGIN_PWA: http://127.0.0.1:3001
+          APP_ORIGIN_MANAGE: http://127.0.0.1:3002
+          APP_ORIGIN_CONTROL: http://127.0.0.1:3003
+          APP_ORIGIN_ASSESSMENT_API: http://127.0.0.1:3000
+          APP_ORIGIN_ASSESSMENT_PWA: http://127.0.0.1:3001
 
       - if: always()
         uses: actions/upload-artifact@v4

.github/workflows/test-graphql.yml

@@ -128,3 +128,12 @@ jobs:
           HATCHET_API_URL: http://localhost:8888
           HATCHET_TENANT_ID: 707d0855-80ab-4e1f-a156-f1c4546cbf52
           HATCHET_HOST_PORT: 7077
+          # Provide all app origins for consistency
+          APP_ORIGIN_API: http://api.klicker.com
+          APP_ORIGIN_AUTH: http://auth.klicker.com
+          APP_ORIGIN_LTI: http://lti.klicker.com
+          APP_ORIGIN_PWA: http://pwa.klicker.com
+          APP_ORIGIN_MANAGE: http://manage.klicker.com
+          APP_ORIGIN_CONTROL: http://control.klicker.com
+          APP_ORIGIN_ASSESSMENT_API: http://assessment-api.klicker.com
+          APP_ORIGIN_ASSESSMENT_PWA: http://assessment.klicker.com

apps/auth/.env.development

@@ -1,9 +1,24 @@
 COOKIE_DOMAIN=.klicker.com
-NEXTAUTH_URL=https://auth.klicker.com
 EDUID_CLIENT_ID=uzh_klicker_auth_dev
 EDUID_WELL_KNOWN=https://login.test.eduid.ch/.well-known/openid-configuration
 NEXT_PUBLIC_EDUID_ID=eduid-test
-NEXT_PUBLIC_DEFAULT_REDIRECT=https://manage.klicker.com
-NEXT_PUBLIC_AUTH_URL=https://auth.klicker.com
-NEXT_PUBLIC_MANAGE_URL="https://manage.klicker.com"
-NEXT_PUBLIC_ASSESSMENT_URL="https://assessment.klicker.com"
+
+APP_ORIGIN_API=https://api.klicker.com
+APP_ORIGIN_PWA=https://pwa.klicker.com
+APP_ORIGIN_MANAGE=https://manage.klicker.com
+APP_ORIGIN_CONTROL=https://control.klicker.com
+APP_ORIGIN_LTI=https://lti.klicker.com
+APP_ORIGIN_AUTH=https://auth.klicker.com
+APP_ORIGIN_ASSESSMENT_API=https://assessment-api.klicker.com
+APP_ORIGIN_ASSESSMENT_PWA=https://assessment.klicker.com
+
+NEXT_PUBLIC_PWA_URL=$APP_ORIGIN_PWA
+NEXT_PUBLIC_MANAGE_URL=$APP_ORIGIN_MANAGE
+NEXT_PUBLIC_CONTROL_URL=$APP_ORIGIN_CONTROL
+NEXT_PUBLIC_AUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_LTI_URL=$APP_ORIGIN_LTI
+NEXT_PUBLIC_ASSESSMENT_URL=$APP_ORIGIN_ASSESSMENT_PWA
+NEXT_PUBLIC_ASSESSMENT_API_URL=$APP_ORIGIN_ASSESSMENT_API
+
+NEXTAUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_DEFAULT_REDIRECT=$APP_ORIGIN_MANAGE

apps/auth/.env.production

@@ -1,9 +1,24 @@
 COOKIE_DOMAIN=.klicker.uzh.ch
-NEXTAUTH_URL=https://auth.klicker.uzh.ch
 EDUID_CLIENT_ID=uzh_klicker_auth
 EDUID_WELL_KNOWN=https://login.eduid.ch/.well-known/openid-configuration
 NEXT_PUBLIC_EDUID_ID=eduid
-NEXT_PUBLIC_DEFAULT_REDIRECT=https://manage.klicker.uzh.ch
-NEXT_PUBLIC_AUTH_URL=https://auth.klicker.uzh.ch
-NEXT_PUBLIC_MANAGE_URL="https://manage.klicker.uzh.ch"
-NEXT_PUBLIC_ASSESSMENT_URL="https://assessment.klicker.uzh.ch"
+
+APP_ORIGIN_API=https://backend-sls.klicker.uzh.ch
+APP_ORIGIN_PWA=https://pwa.klicker.uzh.ch
+APP_ORIGIN_MANAGE=https://manage.klicker.uzh.ch
+APP_ORIGIN_CONTROL=https://control.klicker.uzh.ch
+APP_ORIGIN_LTI=https://lti.klicker.uzh.ch
+APP_ORIGIN_AUTH=https://auth.klicker.uzh.ch
+APP_ORIGIN_ASSESSMENT_API=https://assessment-api.klicker.uzh.ch
+APP_ORIGIN_ASSESSMENT_PWA=https://assessment.klicker.uzh.ch
+
+NEXT_PUBLIC_PWA_URL=$APP_ORIGIN_PWA
+NEXT_PUBLIC_MANAGE_URL=$APP_ORIGIN_MANAGE
+NEXT_PUBLIC_CONTROL_URL=$APP_ORIGIN_CONTROL
+NEXT_PUBLIC_AUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_LTI_URL=$APP_ORIGIN_LTI
+NEXT_PUBLIC_ASSESSMENT_URL=$APP_ORIGIN_ASSESSMENT_PWA
+NEXT_PUBLIC_ASSESSMENT_API_URL=$APP_ORIGIN_ASSESSMENT_API
+
+NEXTAUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_DEFAULT_REDIRECT=$APP_ORIGIN_MANAGE

apps/auth/.env.qa

@@ -1,9 +1,24 @@
 COOKIE_DOMAIN=.klicker-qa.bf-app.ch
-NEXTAUTH_URL=https://auth.klicker-qa.bf-app.ch
 EDUID_CLIENT_ID=uzh_klicker_auth_stg
 EDUID_WELL_KNOWN=https://login.eduid.ch/.well-known/openid-configuration
 NEXT_PUBLIC_EDUID_ID=eduid
-NEXT_PUBLIC_DEFAULT_REDIRECT=https://manage.klicker-qa.bf-app.ch
-NEXT_PUBLIC_AUTH_URL=https://auth.klicker-qa.bf-app.ch
-NEXT_PUBLIC_MANAGE_URL="https://manage.klicker-qa.bf-app.ch"
-NEXT_PUBLIC_ASSESSMENT_URL="https://assessment.klicker-qa.bf-app.ch"
+
+APP_ORIGIN_API=https://api.klicker-qa.bf-app.ch
+APP_ORIGIN_PWA=https://pwa.klicker-qa.bf-app.ch
+APP_ORIGIN_MANAGE=https://manage.klicker-qa.bf-app.ch
+APP_ORIGIN_CONTROL=https://control.klicker-qa.bf-app.ch
+APP_ORIGIN_LTI=https://lti.klicker-qa.bf-app.ch
+APP_ORIGIN_AUTH=https://auth.klicker-qa.bf-app.ch
+APP_ORIGIN_ASSESSMENT_API=https://assessment-api.klicker-qa.bf-app.ch
+APP_ORIGIN_ASSESSMENT_PWA=https://assessment.klicker-qa.bf-app.ch
+
+NEXT_PUBLIC_PWA_URL=$APP_ORIGIN_PWA
+NEXT_PUBLIC_MANAGE_URL=$APP_ORIGIN_MANAGE
+NEXT_PUBLIC_CONTROL_URL=$APP_ORIGIN_CONTROL
+NEXT_PUBLIC_AUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_LTI_URL=$APP_ORIGIN_LTI
+NEXT_PUBLIC_ASSESSMENT_URL=$APP_ORIGIN_ASSESSMENT_PWA
+NEXT_PUBLIC_ASSESSMENT_API_URL=$APP_ORIGIN_ASSESSMENT_API
+
+NEXTAUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_DEFAULT_REDIRECT=$APP_ORIGIN_MANAGE

apps/auth/.env.test

@@ -1,9 +1,26 @@
 COOKIE_DOMAIN=127.0.0.1
-NEXTAUTH_URL=http://127.0.0.1:3010
 EDUID_CLIENT_ID=uzh_klicker_auth_dev
 EDUID_WELL_KNOWN=https://login.test.eduid.ch/.well-known/openid-configuration
 NEXT_PUBLIC_EDUID_ID=eduid-test
-NEXT_PUBLIC_DEFAULT_REDIRECT=http://127.0.0.1:3002
 DATABASE_URL=postgres://klicker-prod:klicker@localhost:5432/klicker-prod
 APP_SECRET=abcd
-NEXT_PUBLIC_AUTH_URL=http://127.0.0.1:3010
+
+APP_ORIGIN_API=http://127.0.0.1:3000
+APP_ORIGIN_PWA=http://127.0.0.1:3001
+APP_ORIGIN_MANAGE=http://127.0.0.1:3002
+APP_ORIGIN_CONTROL=http://127.0.0.1:3003
+APP_ORIGIN_LTI=http://127.0.0.1:4000
+APP_ORIGIN_AUTH=http://127.0.0.1:3010
+APP_ORIGIN_ASSESSMENT_API=http://127.0.0.1:3000
+APP_ORIGIN_ASSESSMENT_PWA=http://127.0.0.1:3001
+
+NEXT_PUBLIC_PWA_URL=$APP_ORIGIN_PWA
+NEXT_PUBLIC_MANAGE_URL=$APP_ORIGIN_MANAGE
+NEXT_PUBLIC_CONTROL_URL=$APP_ORIGIN_CONTROL
+NEXT_PUBLIC_AUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_LTI_URL=$APP_ORIGIN_LTI
+NEXT_PUBLIC_ASSESSMENT_URL=$APP_ORIGIN_ASSESSMENT_PWA
+NEXT_PUBLIC_ASSESSMENT_API_URL=$APP_ORIGIN_ASSESSMENT_API
+
+NEXTAUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_DEFAULT_REDIRECT=$APP_ORIGIN_MANAGE

apps/auth/src/pages/api/auth/[...nextauth].ts

@@ -18,6 +18,12 @@ export const PARTICIPANT_COOKIE_NAME = 'next-auth.participant-session-token'
 // Export for discourse.ts and other consumers
 export const APP_SECRET = process.env.APP_SECRET
 
+// Validate required environment variables
+if (!process.env.APP_ORIGIN_AUTH) {
+  console.error('APP_ORIGIN_AUTH is required but not defined')
+  process.exit(1)
+}
+
 // Stateless context detection - no persistent cookies, URL and referrer based only
 function getAuthContext(req: NextApiRequest): 'lecturer' | 'participant' {
   const { participant, nextauth } = req.query
@@ -130,7 +136,10 @@ export async function decode({ token, secret }: JWTDecodeParams) {
 
 export async function encode({ token, secret }: JWTEncodeParams) {
   const secretString = typeof secret === 'string' ? secret : secret.toString()
-  return signJWT((token as JWTPayload) ?? {}, secretString)
+
+  return signJWT((token as JWTPayload) ?? {}, secretString, {
+    issuer: process.env.APP_ORIGIN_AUTH,
+  })
 }
 
 function extractProviderFromAffiliationId(
@@ -615,6 +624,8 @@ export default async function auth(req: NextApiRequest, res: NextApiResponse) {
         },
 
         async jwt({ token, profile }) {
+          token.scope = 'EDUID'
+
           // Handle initial sign-in with participant profile
           if (profile && (profile as any).participantId) {
             token.sub = (profile as any).participantId

apps/backend-docker/.env.cypress

@@ -11,3 +11,14 @@ APP_MANAGE_SUBDOMAIN="127.0.0.1:3002"
 APP_CONTROL_SUBDOMAIN="127.0.0.1:3003"
 HATCHET_CLIENT_TOKEN=__HATCHET_CLIENT_TOKEN__
 HATCHET_CLIENT_TLS_STRATEGY=none
+# Legacy issuer vars no longer used; prefer APP_ORIGIN_*
+
+# Canonical app origins (prefer these; issuers fall back to them)
+APP_ORIGIN_AUTH="http://127.0.0.1:3010"
+APP_ORIGIN_API="http://127.0.0.1:3000"
+APP_ORIGIN_LTI="http://127.0.0.1:4000"
+APP_ORIGIN_PWA="http://127.0.0.1:3001"
+APP_ORIGIN_MANAGE="http://127.0.0.1:3002"
+APP_ORIGIN_CONTROL="http://127.0.0.1:3003"
+APP_ORIGIN_ASSESSMENT_API="http://127.0.0.1:3000"
+APP_ORIGIN_ASSESSMENT_PWA="http://127.0.0.1:3001"

apps/backend-docker/.env.example

@@ -11,3 +11,14 @@ APP_MANAGE_SUBDOMAIN="127.0.0.1:3002"
 APP_CONTROL_SUBDOMAIN="127.0.0.1:3003"
 HATCHET_CLIENT_TOKEN=__HATCHET_CLIENT_TOKEN__
 HATCHET_CLIENT_TLS_STRATEGY=none
+# Legacy issuer vars no longer used; prefer APP_ORIGIN_*
+
+# Canonical app origins (prefer these; issuers fall back to them)
+APP_ORIGIN_AUTH="http://127.0.0.1:3010"
+APP_ORIGIN_API="http://127.0.0.1:3000"
+APP_ORIGIN_LTI="http://127.0.0.1:4000"
+APP_ORIGIN_PWA="http://127.0.0.1:3001"
+APP_ORIGIN_MANAGE="http://127.0.0.1:3002"
+APP_ORIGIN_CONTROL="http://127.0.0.1:3003"
+APP_ORIGIN_ASSESSMENT_API="http://127.0.0.1:3000"
+APP_ORIGIN_ASSESSMENT_PWA="http://127.0.0.1:3001"

apps/backend-docker/src/index.ts

@@ -78,7 +78,7 @@ if (redisCache) {
   cache = createInMemoryCache()
 }
 
-emitter.on('invalidate', (resource) => {
+emitter.on('invalidate', (resource: any) => {
   cache.invalidate([
     {
       typename: resource.typename,
@@ -118,6 +118,12 @@ migrate(prisma).then(() => {
     tasks,
   })
 
+  // Validate required environment variables at startup
+  if (!process.env.APP_ORIGIN_API) {
+    console.error('APP_ORIGIN_API is required but not defined')
+    process.exit(1)
+  }
+
   const server = app.listen(3000, () => {
     console.log(`GraphQL API located at 0.0.0.0:3000${yogaApp.graphqlEndpoint}`)
 

apps/docs/package.json

@@ -44,7 +44,7 @@
     "typescript": "~5.6.3"
   },
   "scripts": {
-    "build": "docusaurus build",
+    "build:docs": "docusaurus build",
     "deploy": "docusaurus deploy",
     "dev:docs": "docusaurus start --port 5500",
     "docusaurus": "docusaurus",

apps/frontend-control/.env.development

@@ -5,8 +5,19 @@ NEXT_PUBLIC_AVATAR_BASE_PATH="https://sos-ch-dk-2.exo.io/klicker-prod/avatars"
 NEXT_PUBLIC_API_URL="https://$API_DOMAIN/api/graphql"
 NEXT_PUBLIC_API_URL_SSR=http://127.0.0.1:3000/api/graphql
 
-NEXT_PUBLIC_PWA_URL="https://pwa.klicker.com"
-NEXT_PUBLIC_MANAGE_URL="https://manage.klicker.com"
-NEXT_PUBLIC_CONTROL_URL="https://control.klicker.com"
-NEXT_PUBLIC_AUTH_URL="https://auth.klicker.com"
-NEXT_PUBLIC_LTI_URL="https://lti.klicker.com"
+APP_ORIGIN_API=https://api.klicker.com
+APP_ORIGIN_PWA=https://pwa.klicker.com
+APP_ORIGIN_MANAGE=https://manage.klicker.com
+APP_ORIGIN_CONTROL=https://control.klicker.com
+APP_ORIGIN_LTI=https://lti.klicker.com
+APP_ORIGIN_AUTH=https://auth.klicker.com
+APP_ORIGIN_ASSESSMENT_API=https://assessment-api.klicker.com
+APP_ORIGIN_ASSESSMENT_PWA=https://assessment.klicker.com
+
+NEXT_PUBLIC_PWA_URL=$APP_ORIGIN_PWA
+NEXT_PUBLIC_MANAGE_URL=$APP_ORIGIN_MANAGE
+NEXT_PUBLIC_CONTROL_URL=$APP_ORIGIN_CONTROL
+NEXT_PUBLIC_AUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_LTI_URL=$APP_ORIGIN_LTI
+NEXT_PUBLIC_ASSESSMENT_URL=$APP_ORIGIN_ASSESSMENT_PWA
+NEXT_PUBLIC_ASSESSMENT_API_URL=$APP_ORIGIN_ASSESSMENT_API

apps/frontend-control/.env.production

@@ -5,11 +5,22 @@ NEXT_PUBLIC_AVATAR_BASE_PATH="https://sos-ch-dk-2.exo.io/klicker-prod/avatars"
 NEXT_PUBLIC_API_URL="https://$API_DOMAIN/api/graphql"
 NEXT_PUBLIC_API_URL_SSR="http://klicker-v2-prod-klicker-uzh-v2-backend-graphql:3000/api/graphql"
 
-NEXT_PUBLIC_PWA_URL="https://pwa.klicker.uzh.ch"
-NEXT_PUBLIC_MANAGE_URL="https://manage.klicker.uzh.ch"
-NEXT_PUBLIC_CONTROL_URL="https://control.klicker.uzh.ch"
-NEXT_PUBLIC_AUTH_URL="https://auth.klicker.uzh.ch"
-NEXT_PUBLIC_LTI_URL="https://lti.klicker.uzh.ch"
-
 NEXT_PUBLIC_MATOMO_URL="https://webstats.uzh.ch/"
 NEXT_PUBLIC_MATOMO_SITE_ID=480
+
+APP_ORIGIN_API=https://backend-sls.klicker.uzh.ch
+APP_ORIGIN_PWA=https://pwa.klicker.uzh.ch
+APP_ORIGIN_MANAGE=https://manage.klicker.uzh.ch
+APP_ORIGIN_CONTROL=https://control.klicker.uzh.ch
+APP_ORIGIN_LTI=https://lti.klicker.uzh.ch
+APP_ORIGIN_AUTH=https://auth.klicker.uzh.ch
+APP_ORIGIN_ASSESSMENT_API=https://assessment-api.klicker.uzh.ch
+APP_ORIGIN_ASSESSMENT_PWA=https://assessment.klicker.uzh.ch
+
+NEXT_PUBLIC_PWA_URL=$APP_ORIGIN_PWA
+NEXT_PUBLIC_MANAGE_URL=$APP_ORIGIN_MANAGE
+NEXT_PUBLIC_CONTROL_URL=$APP_ORIGIN_CONTROL
+NEXT_PUBLIC_AUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_LTI_URL=$APP_ORIGIN_LTI
+NEXT_PUBLIC_ASSESSMENT_URL=$APP_ORIGIN_ASSESSMENT_PWA
+NEXT_PUBLIC_ASSESSMENT_API_URL=$APP_ORIGIN_ASSESSMENT_API

apps/frontend-control/.env.qa

@@ -5,8 +5,19 @@ NEXT_PUBLIC_AVATAR_BASE_PATH="https://sos-ch-dk-2.exo.io/klicker-prod/avatars"
 NEXT_PUBLIC_API_URL="https://$API_DOMAIN/api/graphql"
 NEXT_PUBLIC_API_URL_SSR="http://klicker-uzh-qa-klicker-uzh-v3-backend-graphql:3000/api/graphql"
 
-NEXT_PUBLIC_PWA_URL="https://pwa.klicker-qa.bf-app.ch"
-NEXT_PUBLIC_MANAGE_URL="https://manage.klicker-qa.bf-app.ch"
-NEXT_PUBLIC_CONTROL_URL="https://control.klicker-qa.bf-app.ch"
-NEXT_PUBLIC_AUTH_URL="https://auth.klicker-qa.bf-app.ch"
-NEXT_PUBLIC_LTI_URL="https://lti.klicker-qa.bf-app.ch"
+APP_ORIGIN_API=https://api.klicker-qa.bf-app.ch
+APP_ORIGIN_PWA=https://pwa.klicker-qa.bf-app.ch
+APP_ORIGIN_MANAGE=https://manage.klicker-qa.bf-app.ch
+APP_ORIGIN_CONTROL=https://control.klicker-qa.bf-app.ch
+APP_ORIGIN_LTI=https://lti.klicker-qa.bf-app.ch
+APP_ORIGIN_AUTH=https://auth.klicker-qa.bf-app.ch
+APP_ORIGIN_ASSESSMENT_API=https://assessment-api.klicker-qa.bf-app.ch
+APP_ORIGIN_ASSESSMENT_PWA=https://assessment.klicker-qa.bf-app.ch
+
+NEXT_PUBLIC_PWA_URL=$APP_ORIGIN_PWA
+NEXT_PUBLIC_MANAGE_URL=$APP_ORIGIN_MANAGE
+NEXT_PUBLIC_CONTROL_URL=$APP_ORIGIN_CONTROL
+NEXT_PUBLIC_AUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_LTI_URL=$APP_ORIGIN_LTI
+NEXT_PUBLIC_ASSESSMENT_URL=$APP_ORIGIN_ASSESSMENT_PWA
+NEXT_PUBLIC_ASSESSMENT_API_URL=$APP_ORIGIN_ASSESSMENT_API

apps/frontend-control/.env.test

@@ -7,8 +7,19 @@ NEXT_PUBLIC_API_URL_SSR=$NEXT_PUBLIC_API_URL
 
 APP_SECRET=abcd
 
-NEXT_PUBLIC_PWA_URL="http://127.0.0.1:3001"
-NEXT_PUBLIC_MANAGE_URL="http://127.0.0.1:3002"
-NEXT_PUBLIC_CONTROL_URL="http://127.0.0.1:3003"
-NEXT_PUBLIC_AUTH_URL="http://127.0.0.1:3010"
-NEXT_PUBLIC_LTI_URL="http://127.0.0.1:4000"
+APP_ORIGIN_API=http://127.0.0.1:3000
+APP_ORIGIN_PWA=http://127.0.0.1:3001
+APP_ORIGIN_MANAGE=http://127.0.0.1:3002
+APP_ORIGIN_CONTROL=http://127.0.0.1:3003
+APP_ORIGIN_LTI=http://127.0.0.1:4000
+APP_ORIGIN_AUTH=http://127.0.0.1:3010
+APP_ORIGIN_ASSESSMENT_API=http://127.0.0.1:3000
+APP_ORIGIN_ASSESSMENT_PWA=http://127.0.0.1:3001
+
+NEXT_PUBLIC_PWA_URL=$APP_ORIGIN_PWA
+NEXT_PUBLIC_MANAGE_URL=$APP_ORIGIN_MANAGE
+NEXT_PUBLIC_CONTROL_URL=$APP_ORIGIN_CONTROL
+NEXT_PUBLIC_AUTH_URL=$APP_ORIGIN_AUTH
+NEXT_PUBLIC_LTI_URL=$APP_ORIGIN_LTI
+NEXT_PUBLIC_ASSESSMENT_URL=$APP_ORIGIN_ASSESSMENT_PWA
+NEXT_PUBLIC_ASSESSMENT_API_URL=$APP_ORIGIN_ASSESSMENT_API