@@ -5,12 +5,19 @@ import { Configuration, IdentityApi, OAuth2Api } from '@ory/client-fetch'
55let cachedIdentityApi : IdentityApi | null = null
66let cachedOAuth2Api : OAuth2Api | null = null
77
8- // the IdentityApi requires the Ory project admin token (PAT). callers should
9- // ensure ORY_PROJECT_API_TOKEN is set at deploy time when AUTH_PROVIDER=ory.
8+ // IdentityApi resolution:
9+ // 1. ORY_KRATOS_ADMIN_URL — self-hosted Kratos admin (e.g. local devenv :4434).
10+ // 2. ORY_SDK_URL — Ory Network (identity admin co-located on the SDK host).
11+ //
12+ // The PAT is attached only when configured: Ory Network gates on it,
13+ // self-hosted Kratos admin uses network reachability instead.
1014export function getOryIdentityApi ( ) : IdentityApi {
1115 if ( cachedIdentityApi ) return cachedIdentityApi
1216
13- cachedIdentityApi = new IdentityApi ( getOryConfiguration ( ) )
17+ cachedIdentityApi = new IdentityApi (
18+ getOryConfiguration ( process . env . ORY_KRATOS_ADMIN_URL )
19+ )
20+
1421 return cachedIdentityApi
1522}
1623
@@ -21,19 +28,17 @@ export function getOryOAuth2Api(): OAuth2Api {
2128 return cachedOAuth2Api
2229}
2330
24- function getOryConfiguration ( ) : Configuration {
25- const basePath = process . env . ORY_SDK_URL
26- const accessToken = process . env . ORY_PROJECT_API_TOKEN
31+ function getOryConfiguration ( basePathOverride ?: string ) : Configuration {
32+ const basePath = basePathOverride ?? process . env . ORY_SDK_URL
2733
2834 if ( ! basePath ) {
2935 throw new Error ( 'ORY_SDK_URL is not configured' )
3036 }
31- if ( ! accessToken ) {
32- throw new Error ( 'ORY_PROJECT_API_TOKEN is not configured' )
33- }
37+
38+ const accessToken = process . env . ORY_PROJECT_API_TOKEN
3439
3540 return new Configuration ( {
3641 basePath : basePath . replace ( / \/ $ / , '' ) ,
37- accessToken,
42+ ... ( accessToken ? { accessToken } : { } ) ,
3843 } )
3944}
0 commit comments