The structures-frontend-next application now supports runtime configuration loading from JSON files instead of environment variables. This allows you to change configuration without rebuilding the application.
The application will look for configuration files in the following order, with optional local overrides applied on top:
- Base:
/config/app-config.json(preferred)- Local override (optional):
/config/app-config.override.jsonor/config/app-config.json.local
- Local override (optional):
- Base:
/app-config.json(fallback)- Local override (optional):
/app-config.override.jsonor/app-config.json.local
- Local override (optional):
- If no base file exists, a local override (if present) will be merged onto defaults
Create a JSON file with the following structure:
{
"oidc": {
"okta": {
"enabled": false,
"client_id": "your-okta-client-id",
"authority": "https://your-okta-domain.okta.com",
"redirect_uri": "http://localhost:5173/login",
"post_logout_redirect_uri": "http://localhost:5173",
"silent_redirect_uri": "http://localhost:5173/login/silent-renew"
},
"keycloak": {
"enabled": true,
"client_id": "your-keycloak-client-id",
"authority": "http://localhost:8080/realms/your-realm",
"redirect_uri": "http://localhost:5173/login",
"post_logout_redirect_uri": "http://localhost:5173",
"silent_redirect_uri": "http://localhost:5173/login/silent-renew"
},
"google": {
"enabled": false,
"client_id": "your-google-client-id",
"authority": "https://accounts.google.com",
"redirect_uri": "http://localhost:5173/login",
"post_logout_redirect_uri": "http://localhost:5173",
"silent_redirect_uri": "http://localhost:5173/login/silent-renew"
},
"github": {
"enabled": false,
"client_id": "your-github-client-id",
"authority": "https://github.com",
"redirect_uri": "http://localhost:5173/login",
"post_logout_redirect_uri": "http://localhost:5173",
"silent_redirect_uri": "http://localhost:5173/login/silent-renew"
},
"microsoft": {
"enabled": false,
"client_id": "your-microsoft-client-id",
"authority": "https://login.microsoftonline.com/common/v2.0",
"redirect_uri": "http://localhost:5173/login",
"post_logout_redirect_uri": "http://localhost:5173",
"silent_redirect_uri": "http://localhost:5173/login/silent-renew",
"resource": "your-microsoft-resource"
},
"microsoftSocial": {
"enabled": false,
"client_id": "your-microsoft-social-client-id",
"authority": "https://login.microsoftonline.com/consumers/v2.0",
"redirect_uri": "http://localhost:5173/login",
"post_logout_redirect_uri": "http://localhost:5173",
"silent_redirect_uri": "http://localhost:5173/login/silent-renew"
},
"custom": {
"enabled": false,
"client_id": "your-custom-client-id",
"authority": "https://your-custom-authority.com",
"redirect_uri": "http://localhost:5173/login",
"post_logout_redirect_uri": "http://localhost:5173",
"silent_redirect_uri": "http://localhost:5173/login/silent-renew",
"metadata": {
"authorization_endpoint": "https://your-custom-authority.com/oauth/authorize",
"token_endpoint": "https://your-custom-authority.com/oauth/token",
"userinfo_endpoint": "https://your-custom-authority.com/oauth/userinfo",
"end_session_endpoint": "https://your-custom-authority.com/oauth/logout",
"jwks_uri": "https://your-custom-authority.com/.well-known/jwks.json"
}
},
"apple": {
"enabled": false,
"client_id": "your-apple-client-id",
"authority": "https://appleid.apple.com",
"redirect_uri": "http://localhost:5173/login",
"post_logout_redirect_uri": "http://localhost:5173",
"silent_redirect_uri": "http://localhost:5173/login/silent-renew"
}
},
"basicAuth": {
"enabled": true
},
"debug": false
}Each OIDC provider has the following configuration options:
enabled: Boolean to enable/disable the providerclient_id: The OAuth client ID from your identity providerauthority: The authority URL for your identity providerredirect_uri: The redirect URI after successful authenticationpost_logout_redirect_uri: The redirect URI after logoutsilent_redirect_uri: The redirect URI for silent token renewal
For Microsoft providers, you can also specify:
resource: Custom resource identifier for Microsoft v2.0 endpoints
For custom OIDC providers, you can specify:
metadata: Complete OIDC metadata including endpoints
enabled: Boolean to enable/disable basic username/password authentication
debug: Boolean to enable debug logging
-
Copy the example configuration file:
cp public/app-config.json.example public/app-config.json
-
Edit the configuration file with your settings:
# Edit the configuration file nano public/app-config.json -
Build the application:
npm run build
-
Deploy the application with your configuration file in the web root.
During development, place files in public/ and they will be served by Vite. You can optionally create a local-only override that should not be committed:
# Example: local override next to base file
cp public/app-config.json public/app-config.override.json
# Or use the .json.local suffix
cp public/app-config.json public/app-config.json.localGit ignore example (add to your ignore rules):
public/app-config.override.json
public/app-config.json.local
config/app-config.override.json
config/app-config.json.local
For production deployment:
- Place your configuration file in the web root of your server
- Ensure the file is accessible at
/app-config.jsonor/config/app-config.json - The application will load the configuration at runtime
If no configuration file is found, the application will use default settings:
- Keycloak enabled with default settings
- Basic authentication enabled
- Debug mode disabled
If you were previously using environment variables, you can migrate by:
- Creating a configuration file with your current settings
- Removing the environment variables from your build process
- Deploying the configuration file with your application
The application will automatically detect and use the new configuration system.