feat: Add Default role assigning while creating and account or signing in [DEV-2905]

README.md

@@ -62,7 +62,10 @@ By default, `ENABLE_AUTHENTICATION` is set to off/`false`. To enable external Ve
 3. **Machine-to-machine backend APIs**
    1. `LOGTO_M2M_APP_ID`: Application ID for machine-to-machine application in LogTo. This is used for elevated management APIs within LogTo.
    2. `LOGTO_M2M_APP_SECRET`: Application secret
-4. **Miscellaneous**
+4. **Default role update using [LogTo webhooks](https://docs.logto.io/next/docs/recipes/webhooks/)**: LogTo supports webhooks to fire of requests to an API when it detects certain actions/changes. If you want to  automatically assign a role to users, a webhook is recommended to be setup for firing off whenever there's a new account created, or a new sign-in.
+   1. `LOGTO_DEFAULT_ROLE_ID`: LogTo Role ID for the default role to put new users into.
+   2. `LOGTO_WEBHOOK_SECRET`: Webhook secret to authenticate incoming webhook requests from LogTo.
+5. **Miscellaneous**
    1. `DEFAULT_CUSTOMER_ID`: Customer/user in LogTo to use for unauthenticated users
    2. `COOKIE_SECRET`: Secret for cookie encryption.
 

docker/Dockerfile

@@ -67,6 +67,8 @@ ARG COOKIE_SECRET
 ARG LOGTO_M2M_APP_ID
 ARG LOGTO_M2M_APP_SECRET
 ARG LOGTO_MANAGEMENT_API
+ARG LOGTO_DEFAULT_ROLE_ID
+ARG LOGTO_WEBHOOK_SECRET
 
 # Verida connector: build-time
 ARG ENABLE_VERIDA_CONNECTOR=false
@@ -103,6 +105,8 @@ ENV COOKIE_SECRET ${COOKIE_SECRET}
 ENV LOGTO_M2M_APP_ID ${LOGTO_M2M_APP_ID}
 ENV LOGTO_M2M_APP_SECRET ${LOGTO_M2M_APP_SECRET}
 ENV LOGTO_MANAGEMENT_API ${LOGTO_MANAGEMENT_API}
+ENV LOGTO_DEFAULT_ROLE_ID ${LOGTO_DEFAULT_ROLE_ID}
+ENV LOGTO_WEBHOOK_SECRET ${LOGTO_WEBHOOK_SECRET}
 
 # Environment variables: Verida connector
 ENV ENABLE_VERIDA_CONNECTOR ${ENABLE_VERIDA_CONNECTOR}

example.env

@@ -20,6 +20,8 @@ LOGTO_APP_SECRET='sdf...sdf'
 LOGTO_M2M_APP_ID="aaaa...ddddd"
 LOGTO_M2M_APP_SECRET="aaaa...ddddd"
 LOGTO_MANAGEMENT_API="https://default.logto.app/api"
+LOGTO_DEFAULT_ROLE_ID="sdf...sdf"
+LOGTO_WEBHOOK_SECRET="sdf...sdf"
 COOKIE_SECRET='sdf...sdf'
 
 # Authentication