updated bb conf; login

bbconf/broker-config.toml

@@ -47,7 +47,7 @@ scope = "openid profile email"
 
 # Optional base URL for OAuth2 URLs, e.g. "https://domain.tld/auth"
 # If omitted, it will be derived from the fields in the [server] section.
-# base_url = "http://localhost:8080"
+# base_url = "http://127.0.0.1:8080"
 
 # Will be appended to `base_url` to form the OAuth2 callback URL
 redirect_path = "/oauth/callback"
@@ -59,7 +59,18 @@ user_info_additional_claims_required = true
 # be redirected to the application URL.
 # If this is unset, the browser gets an empty 200 response on successful
 # authorization code flow completion.
-client_app_url = "http://127.0.0.1:8080/_test/ping"
+client_app_url = "http://127.0.0.1:5173/"
+
+# Path to the browser login URL.
+# This path is where the basebox broker returns a 302 response that redirects the browser to
+# the IdP login page; the target URL will contain all query parms needed to initiate an
+# auth code flow login procedure, incl. CSRF protection tokens etc.
+login_path = "/oauth/login"
+
+# Logout path that allows explicit, immediate logouts.
+# Simply POST to this URL with the session cookie or bearer token.
+logout_path = "/oauth/logout"
+
 
 [business_logic_layer]
 business_logic_layer_enabled = false