-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy path.env.example
33 lines (25 loc) · 1.07 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# SPDX-License-Identifier: GPL-2.0-only
# SPDX-FileCopyrightText: FOSSology contributors
# How long the token can be valid
TOKEN_HOUR_LIFESPAN=24
# Secret key to sign tokens (openssl rand -hex 32)
API_SECRET=some-random-string
READ_API_AUTHENTICATION_ENABLED=false
PORT=8080
# OIDC Provider (To be set if OIDC Authentication support required)
# The URL for retrieving keys for Token Parsing
JWKS_URI=https://provider/keys
# The field in ID Token that is to be used as username
OIDC_USERNAME_KEY=employee_id
# The field in ID Token that is to be used as email
OIDC_EMAIL_KEY=mail
# The issuer url
OIDC_ISSUER=https://provider
# The field in ID Token that is used as display name
OIDC_DISPLAYNAME_KEY=display_name
# Some OIDC providers do not provide the "alg" header in their key set(ex. AzureAD)
# This env variable, if set, will be used for signing while verifying the JWT signature
# (Make sure it's same as the signing algorithm used by the provider)
#
# For OIDC providers that provide the "alg" header in their key set, there is no need for this to be set
OIDC_SIGNING_ALG=RS256