/
authplz.yml
64 lines (52 loc) · 1.87 KB
/
authplz.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# AuthPlz Example Configuration
# $VARIABLES are loaded from the environment with the prefix specified on the command line
# User friendly application name
name: AuthPlz Example
# Server binding configuration
bind-address: $HOST
bind-port: $PORT
# External application address (required for reverse proxying)
external-address: $EXTERNAL_ADDRESS
# Database connection string
database: $DATABASE_URL
disable-web-security: true
# Allowed origins for API requests
# This is automatically set to bind-address:bind-port (or external-address if set) but can be overridden here if required
allowed-origins:
- https://localhost:3000
- http://localhost:3000
- https://authplz.herokuapp.com
- http://192.168.1.28:9000
# Secrets
cookie-secret: $COOKIE_SECRET
token-secret: $TOKEN_SECRET
# TLS configuration
tls:
# cert: server.pem
# key: server.key
disabled: true
# Template and static file directories
static-dir: ~/projects/authplz-ui/static
template-dir: ./templates
# OAuth (Client) Configuration
# Scopes define what resources an admin or users client can grant access to.
# These are heirachicle and are split by '.' (eg. public includes public.read)
# Grants correspond to OAuth grant types that clients can utilise
# Allowed responses defines what responses are allowed for OAuth clients
oauth:
secret: $OAUTH_SECRET
admin:
scopes: ["public.read", "public.write", "private.read", "private.write", "introspect", "offline"]
grants: ["authorization_code", "implicit", "refresh_token", "client_credentials"]
user:
scopes: ["public.read", "public.write", "private.read", "private.write", "offline"]
grants: ["authorization_code", "implicit", "refresh_token"]
allowed-responses: ["code", "token", "id_token"]
# Mailer configuration
mailer:
driver: mailgun
options:
domain: $MG_DOMAIN
address: $MG_ADDRESS
key: $MG_APIKEY
secret: $MG_PRIKEY