AgileWebs/thalos-bff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
37d2551565
thalos-bff/docs/runbooks/containerization.md
José René White Enciso 730abb95ec feat(thalos-bff): add google oidc start and callback flow
2026-03-11 10:13:21 -06:00

1.4 KiB
Raw Blame History

Containerization Runbook

Image Build

If the repo consumes internal packages from Gitea, pass feed credentials as build args.

docker build   --build-arg NUGET_FEED_USERNAME=<gitea-login>   --build-arg NUGET_FEED_TOKEN=<gitea-token>   -t agilewebs/thalos-bff:dev .

Local Run

docker run --rm -p 8080:8080 \
  -e ThalosService__GrpcAddress=http://thalos-service:8081 \
  -e ThalosBff__Oidc__Google__ClientId=<google-client-id> \
  -e ThalosBff__Oidc__Google__ClientSecret=<google-client-secret> \
  -e ThalosBff__Oidc__Google__RedirectUri=https://auth.dream-views.com/api/identity/oidc/google/callback \
  -e ThalosBff__Oidc__StateSigningSecret=<state-signing-secret> \
  -e ThalosBff__SessionCookieSecure=true \
  -e ThalosBff__SessionCookieDomain=.dream-views.com \
  --name thalos-bff agilewebs/thalos-bff:dev

Health Probe

  • Path: /health
  • Fallback path: /healthz
  • Port: 8080

Runtime Notes

  • Requires ThalosService__GrpcAddress to target thalos-service in distributed runs.
  • gRPC client contract protobuf is vendored at src/Thalos.Bff.Rest/Protos/identity_runtime.proto to keep image builds repo-local.
  • OIDC callback requires ThalosBff__Oidc__Google__ClientId, ClientSecret, RedirectUri, and StateSigningSecret.
  • For cross-subdomain SPA auth, set ThalosBff__SessionCookieDomain=.dream-views.com and secure cookies in non-local environments.