Authorizer server supports the following environment variables:

| Variable | Description | Required | Default Value |
|---|---|---|---|
| ENV | Environment the server is running in. Supported envs: production, development | true | production |
| ADMIN_SECRET | Super admin secret used to access the master data | true | |
| DATABASE_TYPE | Which database you are using. Supported database types are postgres, mysql, planetscale, sqlite, sqlserver, mongodb, arangodb, yugabyte, mariadb, cassandradb, scylladb, couchbase, dynamodb | true | |
| DATABASE_URL | Database connection string. For a cluster URL, e.g. for cassandradb, you can use comma-separated IPs | true | |
| DATABASE_NAME | Name of the database to connect to. This is useful for arangodb and mongodb. If not set, the default value is used | false | authorizer |
| DATABASE_PORT | Port on which the database connection should be made. Used when DATABASE_URL is not set. At the moment supported by the cassandradb type | false | |
| DATABASE_HOST | Host/IP on which the database connection should be made. Used when DATABASE_URL is not set. At the moment supported by the cassandradb type | false | |
| DATABASE_USERNAME | Username for database access, with permission to create tables and records. At the moment supported by the cassandradb and scylladb types | false | |
| DATABASE_PASSWORD | Password for database access, with permission to create tables and records. At the moment supported by the cassandradb and scylladb types | false | |
| DATABASE_CERT | Base64-encoded certificate string used to make the SSL connection. At the moment supported by the cassandradb and scylladb types | false | |
| DATABASE_CERT_KEY | Base64-encoded key string used to make the SSL connection. At the moment supported by the cassandradb and scylladb types | false | |
| DATABASE_CA_CERT | Base64-encoded CA certificate string used to make the SSL connection. At the moment supported by the cassandradb and scylladb types | false | |
| PORT | Port on which the server should run | true | 8080 |
| AUTHORIZER_URL | Domain name of the server, e.g. https://authorizer.herokuapp.com | false | |
| REDIS_URL | Redis URL where sessions can be persisted | false | sessions will be stored in memory |
| COOKIE_NAME | Name of the cookie set by the server | true | authorizer |
| SMTP_HOST | SMTP host used to send email verification and forgot password emails | false | If not set email sending can fail |
| SMTP_PORT | SMTP port, used along with the SMTP host | false | |
| SMTP_USERNAME | Username for your SMTP provider | false | |
| SMTP_PASSWORD | Password for your SMTP provider | false | |
| SENDER_EMAIL | Email address used in the From field when sending emails | false | |
| SENDER_NAME | Sender name displayed in the inbox instead of just the email address | false | |
| RESET_PASSWORD_URL | Reset password link, used to send the correct forgot password link | true | /reset-password |
| DISABLE_BASIC_AUTHENTICATION | Used to explicitly disable email and password based authentication | false | false |
| DISABLE_EMAIL_VERIFICATION | Used to disable email verification during sign up | false | false |
| DISABLE_MAGIC_LINK_LOGIN | Used to disable passwordless login | false | false |
| DISABLE_LOGIN_PAGE | Used to disable the default login page that comes with the authorizer instance. This is helpful when users build their own custom login page | false | false |
| DISABLE_SIGN_UP | Used to disable the sign up feature. Useful when you want a beta release of your product and to invite only a limited set of users | false | false |
| DISABLE_PLAYGROUND | Used to disable the playground | false | true |
| ROLES | Comma-separated list of roles that your platform supports | true | user,admin |
| DEFAULT_ROLES | Comma-separated list of default roles to assign to users when they sign up or log in | true | [user] |
| PROTECTED_ROLES | Comma-separated list of roles for which sign up should be disabled, for example admin roles. These roles can only be assigned manually by the super admin, e.g. via adminUpdateProfile | false | |
| JWT_ROLE_CLAIM | Claim key that will be part of the JWT token | true | role |
| ORGANIZATION_NAME | Name of the organization shown on the default login page | false | Authorizer |
| ORGANIZATION_LOGO | Logo of the organization shown on the default login page | false | Authorizer Logo |
| CUSTOM_ACCESS_TOKEN_SCRIPT | JavaScript function to add extra keys to your JWT id token. This feature is developed using otto and only supports functions written in ES5. Check the sample here. | false | |
| ACCESS_TOKEN_EXPIRY_TIME | Time interval after which the access token expires, in 1h15m15s format | false | 30m |
| AWS_REGION | AWS region id where the DynamoDB tables are to be created. Used with DATABASE_TYPE=dynamodb | false | - |
| AWS_ACCESS_KEY_ID | AWS access key used for connecting to DynamoDB. Make sure the access credentials have rights for DynamoDB. Used with DATABASE_TYPE=dynamodb | false | - |
| AWS_SECRET_ACCESS_KEY | AWS secret access key used for connecting to DynamoDB. Make sure the access credentials have rights for DynamoDB. Used with DATABASE_TYPE=dynamodb | false | - |
| COUCHBASE_BUCKET | Bucket used for the couchbase database. Used with DATABASE_TYPE=couchbase | false | authorizer |
| COUCHBASE_BUCKET_RAM_QUOTA | RAM quota for the bucket used for the couchbase database. Must be a numeric value. Used with DATABASE_TYPE=couchbase | false | 1000 |
| COUCHBASE_SCOPE | Scope in which the bucket is created. Used with DATABASE_TYPE=couchbase | false | _default |
| GOOGLE_CLIENT_ID | OAuth Google login client id | false | |
| GOOGLE_CLIENT_SECRET | OAuth Google login client secret | false | |
| GITHUB_CLIENT_ID | OAuth GitHub login client id | false | |
| GITHUB_CLIENT_SECRET | OAuth GitHub login client secret | false | |
| FACEBOOK_CLIENT_ID | OAuth Facebook login client id | false | |
| FACEBOOK_CLIENT_SECRET | OAuth Facebook login client secret | false | |
| LINKEDIN_CLIENT_ID | OAuth LinkedIn login client id | false | |
| LINKEDIN_CLIENT_SECRET | OAuth LinkedIn login client secret | false | |
| APPLE_CLIENT_ID | OAuth Apple login client id | false | |
| APPLE_CLIENT_SECRET | OAuth Apple login client secret | false | |
| TWITTER_CLIENT_ID | OAuth Twitter login client id | false | |
| TWITTER_CLIENT_SECRET | OAuth Twitter login client secret | false | |
| MICROSOFT_CLIENT_ID | OAuth Microsoft login client id | false | |
| MICROSOFT_CLIENT_SECRET | OAuth Microsoft login client secret | false | |
| MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID | Microsoft Active Directory Tenant ID obtained from the Azure portal | false | |

These variables are expected to be present as system environment variables or in a .env file at the root of the project. You can also pass env_file as a command-line argument. Example:

```bash
make && ./build/server --env_file=.env.local
```
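
A pre-flight check for the variables in the table above, as an added example that is not part of the Authorizer project: it flags missing required values, unsupported `ENV` and `DATABASE_TYPE` values, inconsistent role lists and a malformed token expiry before the server is started. The function names, the duration regex, the lowercase `true`/`false` comparison and the reading of the `DEFAULT_ROLES` default as `user` are assumptions.

```python
import re

# Supported values and defaults are copied from the table above.
DB_TYPES = set(("postgres mysql planetscale sqlite sqlserver mongodb arangodb yugabyte "
                "mariadb cassandradb scylladb couchbase dynamodb").split())
DEFAULTS = {"ENV": "production", "ROLES": "user,admin", "DEFAULT_ROLES": "user",
            "ACCESS_TOKEN_EXPIRY_TIME": "30m", "DISABLE_EMAIL_VERIFICATION": "false"}
# Assumption: "1h15m15s format" means optional h, m and s parts in that order.
EXPIRY_RE = re.compile(r"^(?=\d)(\d+h)?(\d+m)?(\d+s)?$")


def roles(env, key):
    return {r.strip() for r in env.get(key, "").split(",") if r.strip()}


def check(env):
    """Return a list of findings for a mapping of variable name to value."""
    env = {**DEFAULTS, **env}
    db = env.get("DATABASE_TYPE", "")
    out = [f"{k} is required and has no default"
           for k in ("ADMIN_SECRET", "DATABASE_TYPE") if not env.get(k)]
    if env["ENV"] not in ("production", "development"):
        out.append("ENV must be production or development")
    if db and db not in DB_TYPES:
        out.append(f"DATABASE_TYPE {db!r} is not a supported type")
    # DATABASE_HOST can stand in for DATABASE_URL, but only for cassandradb.
    if not env.get("DATABASE_URL") and not (db == "cassandradb" and env.get("DATABASE_HOST")):
        out.append("DATABASE_URL is required")
    if roles(env, "DEFAULT_ROLES") - roles(env, "ROLES"):
        out.append("DEFAULT_ROLES contains a role missing from ROLES")
    if roles(env, "DEFAULT_ROLES") & roles(env, "PROTECTED_ROLES"):
        out.append("a PROTECTED_ROLES entry is also assigned by default")
    if not EXPIRY_RE.match(env["ACCESS_TOKEN_EXPIRY_TIME"]):
        out.append("ACCESS_TOKEN_EXPIRY_TIME is not in 1h15m15s format")
    if env["DISABLE_EMAIL_VERIFICATION"] != "true" and not env.get("SMTP_HOST"):
        out.append("SMTP_HOST unset while email verification is enabled")
    return out


# Constructed sample configuration (not from the page); pass dict(os.environ) for a real check.
SAMPLE = {
    "ENV": "staging", "DATABASE_TYPE": "postgres",
    "DATABASE_URL": "postgres://db.example.internal/authorizer",
    "ROLES": "user,admin", "DEFAULT_ROLES": "user,admin", "PROTECTED_ROLES": "admin",
    "ACCESS_TOKEN_EXPIRY_TIME": "30 minutes",
}

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

The sample trips five findings, including `admin` being both a protected role and a default role, which would hand a sign-up-restricted role to every new user if the server accepted it.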