sso-core/.env.example

# Front-end public URL, without leading slash
PUBLIC_URL=http://localhost:5173

# Site name, displayed on the UI and in emails
PUBLIC_SITE_NAME=Amanita SSO

# Database connection (mysql)
DATABASE_HOST=localhost
DATABASE_DB=icyauth
DATABASE_USER=icyauth
DATABASE_PASS=icyauth

# Secret keys for sessions and challenges
# These keys should be rotated as part of regular maintenance
SESSION_SECRET=32 char key
CHALLENGE_SECRET=64 char key

# Set "Secure" flag on the cookie
SESSION_SECURE=true

# OpenID Connect JWT (ID token) settings
# Private keys for JWTs are stored as files in the private directory
JWT_ALGORITHM=RS256
JWT_EXPIRATION=7d
JWT_ISSUER=http://localhost:5173

# SMTP settings
EMAIL_ENABLED=true
EMAIL_FROM=no-reply@icynet.eu
EMAIL_SMTP_HOST=mail.icynet.eu
EMAIL_SMTP_PORT=587
EMAIL_SMTP_SECURE=false
EMAIL_SMTP_USER=
EMAIL_SMTP_PASS=

# Enable new account registrations
REGISTRATIONS=true

# Trust the first proxy to give us the user's real IP
ADDRESS_HEADER=X-Forwarded-For
XFF_DEPTH=1

# Run database migrations automatically on startup
AUTO_MIGRATE=true
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00			`# Front-end public URL, without leading slash`
password reset 2024-05-20 17:25:46 +00:00			`PUBLIC_URL=http://localhost:5173`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00
			`# Site name, displayed on the UI and in emails`
password reset 2024-05-20 17:25:46 +00:00			`PUBLIC_SITE_NAME=Amanita SSO`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00
			`# Database connection (mysql)`
password reset 2024-05-20 17:25:46 +00:00			`DATABASE_HOST=localhost`
			`DATABASE_DB=icyauth`
			`DATABASE_USER=icyauth`
			`DATABASE_PASS=icyauth`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00
			`# Secret keys for sessions and challenges`
			`# These keys should be rotated as part of regular maintenance`
password reset 2024-05-20 17:25:46 +00:00			`SESSION_SECRET=32 char key`
			`CHALLENGE_SECRET=64 char key`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00
Secure cookie 2024-06-06 17:27:38 +00:00			`# Set "Secure" flag on the cookie`
			`SESSION_SECURE=true`

Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00			`# OpenID Connect JWT (ID token) settings`
			`# Private keys for JWTs are stored as files in the private directory`
password reset 2024-05-20 17:25:46 +00:00			`JWT_ALGORITHM=RS256`
favicon 2024-06-04 17:36:10 +00:00			`JWT_EXPIRATION=7d`
password reset 2024-05-20 17:25:46 +00:00			`JWT_ISSUER=http://localhost:5173`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00
			`# SMTP settings`
password reset 2024-05-20 17:25:46 +00:00			`EMAIL_ENABLED=true`
			`EMAIL_FROM=no-reply@icynet.eu`
			`EMAIL_SMTP_HOST=mail.icynet.eu`
			`EMAIL_SMTP_PORT=587`
			`EMAIL_SMTP_SECURE=false`
			`EMAIL_SMTP_USER=`
			`EMAIL_SMTP_PASS=`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00
			`# Enable new account registrations`
password reset 2024-05-20 17:25:46 +00:00			`REGISTRATIONS=true`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00
			`# Trust the first proxy to give us the user's real IP`
authorizations management 2024-05-21 16:16:15 +00:00			`ADDRESS_HEADER=X-Forwarded-For`
			`XFF_DEPTH=1`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 17:02:18 +00:00
			`# Run database migrations automatically on startup`
admin stuff 2024-06-01 11:42:08 +00:00			`AUTO_MIGRATE=true`