.env.example
# Env vars use __ (double underscore) as nesting separator.
# e.g. SERVER__HOST -> server.host, OIDC__CLIENT_ID -> oidc.client_id, CREDS_MANAGE__DATA_PATH -> creds_manage.data_path
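# Server bind address and static files.
# Note: 0.0.0.0 listens on every network interface; use 127.0.0.1 if the service is only reached through a local reverse proxy.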
# SERVER__HOST=0.0.0.0
# SERVER__PORT=7021
# SERVER__WEBUI_DIR=./webui
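## External base URL: "auto" (default, inferred from request headers) or a fixed URL.
## Request headers are client-supplied unless a trusted reverse proxy overwrites them, so prefer a fixed URL in production.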
#
# SERVER__EXTERNAL_BASE_URL=auto
# SERVER__EXTERNAL_BASE_URL=https://auth.example.com
## WebUI dev server proxy target (vite)
#
# VITE_BACKEND_URL=http://localhost:7021
## Creds store file path.
#
# CREDS_MANAGE__DATA_PATH=./data/data.json
## Set to false to force-disable OIDC (equivalent to removing [oidc] from config)
#
# OIDC_ENABLED=false
# OIDC client registration. The values below are placeholders; put real values in a local .env file that is not committed.
OIDC__CLIENT_ID=your-client-id
OIDC__CLIENT_SECRET=your-client-secret # optional when PKCE is used and the provider requires no client secret
OIDC__WELL_KNOWN_URL=https://your-oidc-provider.com/.well-known/openid-configuration
# OIDC__SCOPES=openid profile email # optional; set only to customize the requested scopes
#
## When well_known_url is set, these override discovered URLs.
## When well_known_url is not set, issuer/authorization/token/jwks are required.
## userinfo_endpoint is recommended; user_info_claims are fetched only when it is set.
#
# OIDC__ISSUER_URL=https://your-oidc-provider.com
# OIDC__AUTHORIZATION_ENDPOINT=https://your-oidc-provider.com/authorize
# OIDC__TOKEN_ENDPOINT=https://your-oidc-provider.com/token
# OIDC__USERINFO_ENDPOINT=https://your-oidc-provider.com/userinfo
# OIDC__JWKS_URI=https://your-oidc-provider.com/jwks
# OIDC__TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED=client_secret_basic # optional; comma/space separated
# OIDC__ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED=RS256 # optional; comma/space separated
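## NOTE: "none" presumably means unsigned UserInfo responses are accepted, leaving their integrity to TLS; confirm this is intended.
# OIDC__USERINFO_SIGNING_ALG_VALUES_SUPPORTED=none # optional; comma/space separated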
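## The script path below presumably points at code the server loads to check claims; keep that file writable only by trusted users.
# OIDC__CLAIMS_CHECK_SCRIPT=./claims-script-check.mts # optional; path to a custom claims check script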
# OIDC__PKCE_ENABLED=true # use PKCE (code_challenge/code_verifier); recommended when no client_secret
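## Refresh-token encryption: the placeholder below is not a usable key; generate a long random value and keep it out of version control.
# OIDC__MASTER_KEY=your-master-key # optional; key used when encrypting the refresh token
# OIDC__SEALED_REFRESH_TOKEN=true # optional; turns on refresh-token encryption (presumably needs OIDC__MASTER_KEY - confirm)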