# STEP 01 – Wire project dependencies and environment for swissoid-back

Updated `biblio-stats-graphql` to depend on `swissoid-back` and its runtime requirements (express-knifey, ioredis, redis) while aligning Express to v4 for compatibility. Also documented the new SwissOID and Redis environment variables the service must expose.

```diff
--- a/package.json
+++ b/package.json
@@
-    "express": "^5.1.0",
-    "ghooks": "^2.0.4",
-    "graphql-knifey": "^7.1.2",
-    "jose": "^6.1.0",
-    "mysql-oh-wait-utils": "^0.5.1",
-    "saylo": "0.6.3",
-    "swiss-army-knifey": "^1.36.4",
-    "typescript": "5.9.2",
-    "uuid": "^13.0.0"
+    "express": "^4.21.2",
+    "express-knifey": "^1.1.2",
+    "ghooks": "^2.0.4",
+    "graphql-knifey": "^7.1.2",
+    "ioredis": "^5.7.0",
+    "mysql-oh-wait-utils": "^0.5.1",
+    "redis": "^5.8.2",
+    "saylo": "0.6.3",
+    "swiss-army-knifey": "^1.36.4",
+    "swissoid-back": "^2.2.1",
+    "typescript": "5.9.2",
+    "uuid": "^13.0.0"
```

```diff
--- a/.env
+++ b/.env
@@
-# SwissOID Configuration
-SWISSOID_CLIENT_ID=biblio-stats
-SWISSOID_ISSUER=https://api.swissoid.com
-SWISSOID_JWKS_URI=https://api.swissoid.com/.well-known/jwks.json
-ACCESS_TOKEN_COOKIE=swissoid_access_token
-REFRESH_TOKEN_COOKIE=swissoid_refresh_token
-COOKIE_DOMAIN=.biblio-stats.meow.ch
+# SwissOID Configuration for swissoid-back
+SWISSOID_CLIENT_ID=biblio-stats
+SWISSOID_ISSUER=https://api.swissoid.com
+SWISSOID_JWKS_URI=https://api.swissoid.com/.well-known/jwks.json
+SWISSOID_TOKEN_ENDPOINT=https://api.swissoid.com/token
+SWISSOID_AUTHORIZE_ENDPOINT=https://api.swissoid.com/authorize
+
+# Relying party (this service) OIDC + session configuration
+OIDC_REDIRECT_BASE_URL=http://localhost:3666
+RP_FRONTEND_URL=http://localhost:5173
+RP_COOKIE_DOMAIN=.biblio-stats.meow.ch
+SESSION_COOKIE_NAME=biblio_stats_session
+REFRESH_COOKIE_NAME=biblio_stats_refresh
+SESSION_SECRET=dev-super-secret-change-me
+STATE_SIGNING_SECRET=dev-super-secret-change-me-state
+SESSION_TTL=7200
+REFRESH_TTL=604800
+
+# Redis connection for session storage
+REDIS_URL=redis://localhost:6379
```

```diff
--- a/.env.prod
+++ b/.env.prod
@@
-# SwissOID Configuration
-SWISSOID_CLIENT_ID=biblio-stats
-SWISSOID_ISSUER=https://api.swissoid.com
-SWISSOID_JWKS_URI=https://api.swissoid.com/.well-known/jwks.json
-ACCESS_TOKEN_COOKIE=swissoid_access_token
-REFRESH_TOKEN_COOKIE=swissoid_refresh_token
-COOKIE_DOMAIN=.biblio-stats.meow.ch
+# SwissOID Configuration for swissoid-back
+SWISSOID_CLIENT_ID=biblio-stats
+SWISSOID_ISSUER=https://api.swissoid.com
+SWISSOID_JWKS_URI=https://api.swissoid.com/.well-known/jwks.json
+SWISSOID_TOKEN_ENDPOINT=https://api.swissoid.com/token
+SWISSOID_AUTHORIZE_ENDPOINT=https://api.swissoid.com/authorize
+
+# Relying party (this service) OIDC + session configuration
+OIDC_REDIRECT_BASE_URL=https://graphql.biblio-stats.meow.ch
+RP_FRONTEND_URL=https://biblio-stats.meow.ch
+RP_COOKIE_DOMAIN=.biblio-stats.meow.ch
+SESSION_COOKIE_NAME=biblio_stats_session
+REFRESH_COOKIE_NAME=biblio_stats_refresh
+SESSION_SECRET=prod-super-secret-change-me
+STATE_SIGNING_SECRET=prod-super-secret-change-me-state
+SESSION_TTL=7200
+REFRESH_TTL=604800
+
+# Redis connection for session storage
+REDIS_URL=redis://redis:6379
```