From d3ffb2cfda65b23e1180a9c885dab652ca3885bf Mon Sep 17 00:00:00 2001
From: Alexis <isalexis.design@gmail.com>
Date: Fri, 15 May 2026 12:56:31 +0200
Subject: [PATCH] fix: implement backend configuration system and ORCID API
 client integration

---
 backend/app/core/config.py           | 12 ++++++++++++
 backend/app/services/orcid_client.py |  2 +-
 docker-compose.yml                   |  3 ++-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/backend/app/core/config.py b/backend/app/core/config.py
index b77834f..edba96c 100644
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -67,6 +67,7 @@ class Settings(BaseSettings):
     ORCID_CLIENT_ID: str = Field(...)
     ORCID_CLIENT_SECRET: str = Field(...)
     ORCID_REDIRECT_URI: str = "http://localhost:8000/api/auth/orcid/callback"
+    ORCID_ENVIRONMENT: Literal["sandbox", "production"] | None = None
     ORCID_OAUTH_STATE_ENABLED: bool = True
     ORCID_OAUTH_STATE_COOKIE: str = "orcid_oauth_state"
     ORCID_OAUTH_STATE_TTL_SECONDS: int = 600
@@ -136,6 +137,17 @@ class Settings(BaseSettings):
     def is_production(self) -> bool:
         return self.ENVIRONMENT == "production"
 
+    @property
+    def orcid_environment(self) -> str:
+        """Which ORCID API tier to use (sandbox | production).
+
+        Defaults to 'production' when ENVIRONMENT=production, 'sandbox'
+        otherwise. Can be overridden explicitly with ORCID_ENVIRONMENT
+        in the .env to e.g. run production security + sandbox ORCID."""
+        if self.ORCID_ENVIRONMENT is not None:
+            return self.ORCID_ENVIRONMENT
+        return "production" if self.is_production else "sandbox"
+
     @property
     def cors_allowed_origins(self) -> List[str]:
         return _split_csv(self.CORS_ALLOWED_ORIGINS)
diff --git a/backend/app/services/orcid_client.py b/backend/app/services/orcid_client.py
index e98f176..872ebe1 100644
--- a/backend/app/services/orcid_client.py
+++ b/backend/app/services/orcid_client.py
@@ -20,7 +20,7 @@ ORCID_ENDPOINTS = {
 
 
 def _orcid_endpoints() -> dict[str, str]:
-    key = "production" if settings.is_production else "sandbox"
+    key = settings.orcid_environment          # "sandbox" | "production"
     return ORCID_ENDPOINTS[key]
 
 
diff --git a/docker-compose.yml b/docker-compose.yml
index c45f304..75d8478 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,8 @@ services:
     environment:
       DATABASE_URL: postgresql://postgres:postgres@db:5432/orcid_db
       REDIS_URL: redis://redis:6379/0
-      ORCID_REDIRECT_URI: https://jargon-supreme-palpable.ngrok-free.dev/callback
+      # Uncomment for local dev with ngrok (overrides backend/.env value):
+      # ORCID_REDIRECT_URI: https://jargon-supreme-palpable.ngrok-free.dev/callback
     depends_on:
       db:
         condition: service_healthy