mirror of https://github.com/vouch/vouch-proxy
39 lines
1.2 KiB
Plaintext
39 lines
1.2 KiB
Plaintext
|
|
# Vouch Proxy configuration
|
|
# bare minimum to get Vouch Proxy running with OpenID Connect (such as okta)
|
|
|
|
vouch:
|
|
# domains:
|
|
# valid domains that the jwt cookies can be set into
|
|
# the callback_urls will be to these domains
|
|
domains:
|
|
- yourdomain.com
|
|
- yourotherdomain.com
|
|
|
|
# - OR -
|
|
# instead of setting specific domains you may prefer to allow all users...
|
|
# set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate at the configured provider
|
|
# and set vouch.cookie.domain to the domain you wish to protect
|
|
# allowAllUsers: true
|
|
|
|
cookie:
|
|
# allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com)
|
|
secure: false
|
|
# vouch.cookie.domain must be set when enabling allowAllUsers
|
|
# domain: yourdomain.com
|
|
|
|
oauth:
|
|
# Generic OpenID Connect
|
|
# including okta
|
|
provider: oidc
|
|
client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
|
|
auth_url: https://{yourOktaDomain}/oauth2/default/v1/authorize
|
|
token_url: https://{yourOktaDomain}/oauth2/default/v1/token
|
|
user_info_url: https://{yourOktaDomain}/oauth2/default/v1/userinfo
|
|
scopes:
|
|
- openid
|
|
- email
|
|
- profile
|
|
callback_url: http://vouch.yourdomain.com:9090/auth
|