feat(napta): client-credentials auth + real project listing

Napta uses Auth0 M2M, not a static token: exchange client_id/secret for a cached
JWT, then list non-archived projects via JSON:API (include client name). Falls back
to fixtures when NAPTA_CLIENT_ID/SECRET are unset. Member resolution still stubbed.
This commit is contained in:
Julien Calixte
2026-06-26 16:16:06 +01:00
parent fc039ac0fc
commit 9ded10f68e
5 changed files with 187 additions and 28 deletions

View File

@@ -3,14 +3,19 @@
PORT=8000
# Napta API — required for live data. Without it, the API serves demo fixtures.
# Base URL + token: see https://app.napta.io (Settings → API).
NAPTA_API_TOKEN=
# Napta API (https://app.napta.io). Auth is Auth0 Machine-to-Machine: the backend
# exchanges client_id + client_secret for a JWT. Without BOTH, the API serves demo
# fixtures. Get an M2M credential from Napta (Settings -> API / your Napta admin).
NAPTA_CLIENT_ID=
NAPTA_CLIENT_SECRET=
NAPTA_BASE_URL=https://app.napta.io/api/v1
# Override only if Napta tells you to:
# NAPTA_AUTH_URL=https://auth.napta.io/oauth/token
# NAPTA_AUDIENCE=backend
# Slack bot token (xoxb-...) with scopes: users:read, users:read.email
# Used to resolve each person's profile picture by email.
# Optional — without it, Members show initials Avatars instead of Slack photos.
SLACK_BOT_TOKEN=
# SQLite location (avatar cache). Matches the Coolify persistent volume.
# SQLite location (Slack directory cache). Matches the Coolify persistent volume.
DB_PATH=data/app.db