diff --git a/pages/core/env.mdx b/pages/core/env.mdx
index ca9093e..bb0afd1 100644
--- a/pages/core/env.mdx
+++ b/pages/core/env.mdx
@@ -2,55 +2,64 @@ Authorizer server supports the following environment variables -| Variable | Description | Required | Default Value | -| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | --------------------------------------------------------- | -| `ENV` | Which env you are running your server in. Supported envs `production`, `development` | true | `production` | -| `ADMIN_SECRET` | Super admin secret used to access the master data | true | | -| `DATABASE_TYPE` | Which database you are using. Supported database types are `postgres`, `mysql`, `planetscale`, `sqlite`, `sqlserver`, `mongodb`, `arangodb`, `yugabyte`, `mariadb`, `cassandradb`, `scylladb`, `couchbase`, `dynamodb` | true | | -| `DATABASE_URL` | Database connection string. In case of cluster url eg. for cassandra db, you can use comma separated IPs. | true | | -| `DATABASE_NAME` | Name of database to connect to. This is useful in case of [arangodb](https://www.arangodb.com/) and [mongodb](https://www.mongodb.com/). If not set, default value will be used | false | `authorizer` | -| `DATABASE_PORT` | Port on which database connection should be made. This is used when `DATABASE_URL` is not mentioned. At the moment supported by `cassandradb` type | false | | -| `DATABASE_HOST` | Host/IP on which database connection should be made. This is used when `DATABASE_URL` is not mentioned. At the moment supported by `cassandradb` type | false | | -| `DATABASE_USERNAME` | Username for the database access with permission to create tables and records. 
At the moment supported by `cassandradb`, `scylladb` type | false | |
-| `DATABASE_PASSWORD` | Password for the database access with permission to create tables and records. At the moment supported by `cassandradb`, `scylladb` type | false | |
-| `DATABASE_CERT` | Base64 encoded certificate string used to make SSL connection. At the moment supported by `cassandradb`,`scylladb` type | false | |
-| `DATABASE_CERT_KEY` | Base64 encoded key string used to make SSL connection. At the moment supported by `cassandradb`,`scylladb` type | false | |
-| `DATABASE_CA_CERT` | Base64 encoded CA certificate string used to make SSL connection. At the moment supported by `cassandradb`, `scylladb` type | false | |
-| `PORT` | Port on which server should be running | true | 8080 |
-| `AUTHORIZER_URL` | Domain name of the server, eg `https://authorizer.herokuapp`.com | false | |
-| `REDIS_URL` | Redis URL where sessions can be persisted | false | sessions will be stored in memory |
-| `COOKIE_NAME` | Name of cookie to be set by server | true | authorizer |
-| `SMTP_HOST` | SMTP host is used to send email verification emails and forgot password emails | false | If not set email sending can fail |
-| `SMTP_PORT` | SMTP Port is used along with SMTP host | false | |
-| `SMTP_USERNAME` | Username for your smtp provider | false | |
-| `SMTP_PASSWORD` | Password for your smt provider | false | |
-| `SENDER_EMAIL` | Email to be used in `From` section while sending emails | false | |
-| `GOOGLE_CLIENT_ID` | OAuth [Google login](https://developers.google.com/identity/sign-in/web/sign-in) client id | false | |
-| `GOOGLE_CLIENT_SECRET` | OAuth [Google login client secret](https://developers.google.com/identity/sign-in/web/sign-in) | false | |
-| `GITHUB_CLIENT_ID` | OAuth [Github login](https://docs.github.com/en/rest/guides/basics-of-authentication) client id | false | |
-| `GITHUB_CLIENT_SECRET` | OAuth [Github login](https://docs.github.com/en/rest/guides/basics-of-authentication) client
secret | false |
-| `FACEBOOK_CLIENT_ID` | OAuth [Facebook login](https://docs.github.com/en/rest/guides/basics-of-authentication) client id | false | |
-| `FACEBOOK_CLIENT_SECRET` | OAuth [Facebook login](https://docs.github.com/en/rest/guides/basics-of-authentication) client secret | false | |
-| `RESET_PASSWORD_URL` | Reset password link, that can be used to send the correct forgot password link | true | `/reset-password` |
-| `DISABLE_BASIC_AUTHENTICATION` | Used to explicitly disable email and password based authentication | false | false |
-| `DISABLE_EMAIL_VERIFICATION` | Used to disable the email verification while signing up | false | false |
-| `DISABLE_MAGIC_LINK_LOGIN` | Used to disable the password less login up | false | false |
-| `DISABLE_LOGIN_PAGE` | Used to disable the default login page that comes with authorizer instance. This is helpful when user is building their custom login page | false | false |
-| `DISABLE_SIGN_UP` | Used to disable the sign up feature. It is useful when you want to have beta release of your product and invite only limited users | false | false |
-| `ROLES` | Comma separated list of roles that your platform supports | true | `user,admin` |
-| `DEFAULT_ROLES` | Comma separated list of roles that acts as Default roles which you would like to assign to users while they signup /login | true | `[user]` |
-| `PROTECTED_ROLES` | Comma separated list of roles for which signup should be disabled. Example `admin` roles. This roles can only assigned manually via super admin like `adminUpdateProfile`.
| false | |
-| `JWT_ROLE_CLAIM` | Claim key that will be part of JWT token | true | `role` |
-| `ORGANIZATION_NAME` | Name of organization that you want on default login page | false | `Authorizer` |
-| `ORGANIZATION_LOGO` | Logo of organization that you want on default login page | false | [Authorizer Logo](https://authorizer.dev/images/logo.png) |
-| `CUSTOM_ACCESS_TOKEN_SCRIPT` | Javascript function to add extra keys to your JWT id token. This feature is developed using [otto](https://github.com/robertkrimen/otto) and only supports writing function in [ES5](https://en.wikipedia.org/wiki/ECMAScript). Check the sample [here](https://github.com/authorizerdev/authorizer/blob/main/.env.sample#L3). | false |
-| `ACCESS_TOKEN_EXPIRY_TIME` | Time interval for how long access token will be expired in `1h15m15s` format | false | `30m` |
-| `AWS_REGION` | AWS, region id, where dynamod db tables are to be created. Used with `DATABASE_TYPE=dynamodb`. | false | - |
-| `AWS_ACCESS_KEY_ID` | AWS access key used for connecting to dynamodb. Make sure access credentials has rights for dynamodb. Used with `DATABASE_TYPE=dynamodb` | false | - |
-| `AWS_SECRET_ACCESS_KEY` | AWS secret access key used for connecting to dynamodb. Make sure access credentials has rights for dynamodb. Used with `DATABASE_TYPE=dynamodb` | false | - |
-| `COUCHBASE_BUCKET` | Bucket used for couchbase database. Used with `DATABASE_TYPE=couchbase` | false | `authorizer` |
-| `COUCHBASE_BUCKET_RAM_QUOTA` | RAM Quota for the bucket used for couchbase database. It has to be numeric value only. Used with `DATABASE_TYPE=couchbase`. | false | `1000` |
-| `COUCHBASE_SCOPE` | Scope in which bucket is created. Used with `DATABASE_TYPE=couchbase`.
| false | `_default` | +| Variable | Description | Required | Default Value | +| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | --------------------------------------------------------- | +| `ENV` | Which env you are running your server in. Supported envs `production`, `development` | true | `production` | +| `ADMIN_SECRET` | Super admin secret used to access the master data | true | | +| `DATABASE_TYPE` | Which database you are using. Supported database types are `postgres`, `mysql`, `planetscale`, `sqlite`, `sqlserver`, `mongodb`, `arangodb`, `yugabyte`, `mariadb`, `cassandradb`, `scylladb`, `couchbase`, `dynamodb` | true | | +| `DATABASE_URL` | Database connection string. In case of cluster url eg. for cassandra db, you can use comma separated IPs. | true | | +| `DATABASE_NAME` | Name of database to connect to. This is useful in case of [arangodb](https://www.arangodb.com/) and [mongodb](https://www.mongodb.com/). If not set, default value will be used | false | `authorizer` | +| `DATABASE_PORT` | Port on which database connection should be made. This is used when `DATABASE_URL` is not mentioned. At the moment supported by `cassandradb` type | false | | +| `DATABASE_HOST` | Host/IP on which database connection should be made. This is used when `DATABASE_URL` is not mentioned. At the moment supported by `cassandradb` type | false | | +| `DATABASE_USERNAME` | Username for the database access with permission to create tables and records. At the moment supported by `cassandradb`, `scylladb` type | false | | +| `DATABASE_PASSWORD` | Password for the database access with permission to create tables and records. 
At the moment supported by `cassandradb`, `scylladb` type | false | |
+| `DATABASE_CERT` | Base64 encoded certificate string used to make SSL connection. At the moment supported by `cassandradb`,`scylladb` type | false | |
+| `DATABASE_CERT_KEY` | Base64 encoded key string used to make SSL connection. At the moment supported by `cassandradb`,`scylladb` type | false | |
+| `DATABASE_CA_CERT` | Base64 encoded CA certificate string used to make SSL connection. At the moment supported by `cassandradb`, `scylladb` type | false | |
+| `PORT` | Port on which server should be running | true | 8080 |
+| `AUTHORIZER_URL` | Domain name of the server, eg `https://authorizer.herokuapp`.com | false | |
+| `REDIS_URL` | Redis URL where sessions can be persisted | false | sessions will be stored in memory |
+| `COOKIE_NAME` | Name of cookie to be set by server | true | authorizer |
+| `SMTP_HOST` | SMTP host is used to send email verification emails and forgot password emails | false | If not set email sending can fail |
+| `SMTP_PORT` | SMTP Port is used along with SMTP host | false | |
+| `SMTP_USERNAME` | Username for your smtp provider | false | |
+| `SMTP_PASSWORD` | Password for your smt provider | false | |
+| `SENDER_EMAIL` | Email to be used in `From` section while sending emails | false | |
+| `RESET_PASSWORD_URL` | Reset password link, that can be used to send the correct forgot password link | true | `/reset-password` |
+| `DISABLE_BASIC_AUTHENTICATION` | Used to explicitly disable email and password based authentication | false | false |
+| `DISABLE_EMAIL_VERIFICATION` | Used to disable the email verification while signing up | false | false |
+| `DISABLE_MAGIC_LINK_LOGIN` | Used to disable the password less login up | false | false |
+| `DISABLE_LOGIN_PAGE` | Used to disable the default login page that comes with authorizer instance.
This is helpful when user is building their custom login page | false | false |
+| `DISABLE_SIGN_UP` | Used to disable the sign up feature. It is useful when you want to have beta release of your product and invite only limited users | false | false |
+| `ROLES` | Comma separated list of roles that your platform supports | true | `user,admin` |
+| `DEFAULT_ROLES` | Comma separated list of roles that acts as Default roles which you would like to assign to users while they signup /login | true | `[user]` |
+| `PROTECTED_ROLES` | Comma separated list of roles for which signup should be disabled. Example `admin` roles. This roles can only assigned manually via super admin like `adminUpdateProfile`. | false | |
+| `JWT_ROLE_CLAIM` | Claim key that will be part of JWT token | true | `role` |
+| `ORGANIZATION_NAME` | Name of organization that you want on default login page | false | `Authorizer` |
+| `ORGANIZATION_LOGO` | Logo of organization that you want on default login page | false | [Authorizer Logo](https://authorizer.dev/images/logo.png) |
+| `CUSTOM_ACCESS_TOKEN_SCRIPT` | Javascript function to add extra keys to your JWT id token. This feature is developed using [otto](https://github.com/robertkrimen/otto) and only supports writing function in [ES5](https://en.wikipedia.org/wiki/ECMAScript). Check the sample [here](https://github.com/authorizerdev/authorizer/blob/main/.env.sample#L3). | false | |
+| `ACCESS_TOKEN_EXPIRY_TIME` | Time interval for how long access token will be expired in `1h15m15s` format | false | `30m` |
+| `AWS_REGION` | AWS, region id, where dynamod db tables are to be created. Used with `DATABASE_TYPE=dynamodb`. | false | - |
+| `AWS_ACCESS_KEY_ID` | AWS access key used for connecting to dynamodb. Make sure access credentials has rights for dynamodb. Used with `DATABASE_TYPE=dynamodb` | false | - |
+| `AWS_SECRET_ACCESS_KEY` | AWS secret access key used for connecting to dynamodb. Make sure access credentials has rights for dynamodb.
Used with `DATABASE_TYPE=dynamodb` | false | - |
+| `COUCHBASE_BUCKET` | Bucket used for couchbase database. Used with `DATABASE_TYPE=couchbase` | false | `authorizer` |
+| `COUCHBASE_BUCKET_RAM_QUOTA` | RAM Quota for the bucket used for couchbase database. It has to be numeric value only. Used with `DATABASE_TYPE=couchbase`. | false | `1000` |
+| `COUCHBASE_SCOPE` | Scope in which bucket is created. Used with `DATABASE_TYPE=couchbase`. | false | `_default` |
+| `GOOGLE_CLIENT_ID` | OAuth [Google login](https://developers.google.com/identity/sign-in/web/sign-in) client id | false | |
+| `GOOGLE_CLIENT_SECRET` | OAuth [Google login client secret](https://developers.google.com/identity/sign-in/web/sign-in) | false | |
+| `GITHUB_CLIENT_ID` | OAuth [Github login](https://docs.github.com/en/rest/guides/basics-of-authentication) client id | false | |
+| `GITHUB_CLIENT_SECRET` | OAuth [Github login](https://docs.github.com/en/rest/guides/basics-of-authentication) client secret | false | |
+| `FACEBOOK_CLIENT_ID` | OAuth [Facebook login](https://developers.facebook.com/docs/facebook-login/web) client id | false | |
+| `FACEBOOK_CLIENT_SECRET` | OAuth [Facebook login](https://developers.facebook.com/docs/facebook-login/web) client secret | false | |
+| `LINKEDIN_CLIENT_ID` | OAuth [LinkedIn login](https://learn.microsoft.com/en-us/linkedin/shared/authentication/authentication) client id | false | |
+| `LINKEDIN_CLIENT_SECRET` | OAuth [LinkedIn login](https://learn.microsoft.com/en-us/linkedin/shared/authentication/authentication) client secret | false | |
+| `APPLE_CLIENT_ID` | OAuth [Apple login](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple) client id | false | |
+| `APPLE_CLIENT_SECRET` | OAuth [Apple login](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple) client secret | false | |
+|
`TWITTER_CLIENT_ID` | OAuth [Twitter login](https://developer.twitter.com/en/docs/authentication/oauth-2-0) client id | false | |
+| `TWITTER_CLIENT_SECRET` | OAuth [Twitter login](https://developer.twitter.com/en/docs/authentication/oauth-2-0) client secret | false | |
+| `MICROSOFT_CLIENT_ID` | OAuth [Microsoft login](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-oauth2) client id | false | |
+| `MICROSOFT_CLIENT_SECRET` | OAuth [Microsoft login](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-oauth2) client secret | false | |
+| `MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID` | Microsoft Active Directory Tenant ID obtained from azure portal | false | |
 It is expected for this variable to be present as system env or `.env` at the root of project. You can also pass `env_file` as command line argument. Example: