86bbfcaa0c
When we first added OIDC support, we were configuring the redirect URI in the devise initializer, just like we did for other providers. Thanks to the changes in the previous commit, that code is no longer in the devise initializer, which means we can use `url_helpers` to get the redirect URI. This means we no longer need to define this URI in the secrets. This is particularly useful for multitenancy; previously, we had to define the redirect URI for every tenant because different tenants use different domains or different subdomains.
225 lines
6.0 KiB
Plaintext
225 lines
6.0 KiB
Plaintext
maps: &maps
|
|
map_tiles_provider: "//{s}.tile.openstreetmap.org/{z}/{x}/{y}.png"
|
|
map_tiles_provider_attribution: "© <a href=\"http://osm.org/copyright\">OpenStreetMap</a> contributors"
|
|
|
|
apis: &apis
|
|
microsoft_api_key: ""
|
|
census_api_end_point: ""
|
|
census_api_institution_code: ""
|
|
census_api_portal_name: ""
|
|
census_api_user_code: ""
|
|
sms_end_point: ""
|
|
sms_username: ""
|
|
sms_password: ""
|
|
|
|
http_basic_auth: &http_basic_auth
|
|
http_basic_auth: true
|
|
|
|
development:
|
|
# time_zone: ""
|
|
http_basic_username: "dev"
|
|
http_basic_password: "pass"
|
|
authentication_logs: false
|
|
devise_lockable: false
|
|
multitenancy: false
|
|
multitenancy_management_mode: false
|
|
security:
|
|
# allowed_admin_ips: ["123.45.67.89", "192.168.1.0/24"]
|
|
last_sign_in: false
|
|
password_complexity: false
|
|
# lockable:
|
|
# maximum_attempts: 20
|
|
# unlock_in: 1 # In hours
|
|
secret_key_base: 56792feef405a59b18ea7db57b4777e855103882b926413d4afdfb8c0ea8aa86ea6649da4e729c5f5ae324c0ab9338f789174cf48c544173bc18fdc3b14262e4
|
|
<<: *maps
|
|
|
|
test:
|
|
# time_zone: ""
|
|
secret_key_base: 56792feef405a59b18ea7db57b4777e855103882b926413d4afdfb8c0ea8aa86ea6649da4e729c5f5ae324c0ab9338f789174cf48c544173bc18fdc3b14262e4
|
|
<<: *maps
|
|
|
|
staging:
|
|
# secret_key_base: ""
|
|
server_name: ""
|
|
# time_zone: ""
|
|
# mailer_delivery_method: :smtp
|
|
# smtp_settings:
|
|
# :address: "smtp.example.com"
|
|
# :port: 25
|
|
# :domain: "your_domain.com"
|
|
# :user_name: "<username>"
|
|
# :password: "<password>"
|
|
# :authentication: "plain"
|
|
# :enable_starttls_auto: true
|
|
force_ssl: true
|
|
delay_jobs: true
|
|
email_interceptor_recipients: ""
|
|
errbit_host: ""
|
|
errbit_project_key: ""
|
|
errbit_project_id: 1
|
|
errbit_self_hosted_ssl: false
|
|
http_basic_username: ""
|
|
http_basic_password: ""
|
|
authentication_logs: false
|
|
devise_lockable: false
|
|
managers_url: ""
|
|
managers_application_key: ""
|
|
multitenancy: false
|
|
multitenancy_management_mode: false
|
|
security:
|
|
# allowed_admin_ips: ["123.45.67.89", "192.168.1.0/24"]
|
|
last_sign_in: false
|
|
password_complexity: false
|
|
# lockable:
|
|
# maximum_attempts: 20
|
|
# unlock_in: 1 # In hours
|
|
tenants:
|
|
# If you've enabled multitenancy, you can overwrite secrets for a
|
|
# specific tenant with:
|
|
#
|
|
# my_tenant_subdomain:
|
|
# secret_key: my_secret_value
|
|
#
|
|
# Currently you can overwrite SMTP, SMS, manager, microsoft API,
|
|
# HTTP basic, twitter, facebook, google, wordpress, SAML and security settings.
|
|
twitter_key: ""
|
|
twitter_secret: ""
|
|
facebook_key: ""
|
|
facebook_secret: ""
|
|
google_oauth2_key: ""
|
|
google_oauth2_secret: ""
|
|
wordpress_oauth2_key: ""
|
|
wordpress_oauth2_secret: ""
|
|
wordpress_oauth2_site: ""
|
|
saml_sp_entity_id: ""
|
|
saml_idp_metadata_url: ""
|
|
saml_idp_sso_service_url: ""
|
|
oidc_client_id: ""
|
|
oidc_client_secret: ""
|
|
oidc_issuer: ""
|
|
<<: *maps
|
|
<<: *apis
|
|
|
|
preproduction:
|
|
# secret_key_base: ""
|
|
server_name: ""
|
|
# time_zone: ""
|
|
# mailer_delivery_method: :smtp
|
|
# smtp_settings:
|
|
# :address: "smtp.example.com"
|
|
# :port: 25
|
|
# :domain: "your_domain.com"
|
|
# :user_name: "<username>"
|
|
# :password: "<password>"
|
|
# :authentication: "plain"
|
|
# :enable_starttls_auto: true
|
|
force_ssl: true
|
|
delay_jobs: true
|
|
email_interceptor_recipients: ""
|
|
errbit_host: ""
|
|
errbit_project_key: ""
|
|
errbit_project_id: 1
|
|
errbit_self_hosted_ssl: false
|
|
http_basic_username: ""
|
|
http_basic_password: ""
|
|
authentication_logs: false
|
|
devise_lockable: false
|
|
managers_url: ""
|
|
managers_application_key: ""
|
|
multitenancy: false
|
|
multitenancy_management_mode: false
|
|
security:
|
|
# allowed_admin_ips: ["123.45.67.89", "192.168.1.0/24"]
|
|
last_sign_in: false
|
|
password_complexity: false
|
|
# lockable:
|
|
# maximum_attempts: 20
|
|
# unlock_in: 1 # In hours
|
|
tenants:
|
|
# If you've enabled multitenancy, you can overwrite secrets for a
|
|
# specific tenant with:
|
|
#
|
|
# my_tenant_subdomain:
|
|
# secret_key: my_secret_value
|
|
#
|
|
# Currently you can overwrite SMTP, SMS, manager, microsoft API,
|
|
# HTTP basic, twitter, facebook, google, wordpress, SAML and security settings.
|
|
twitter_key: ""
|
|
twitter_secret: ""
|
|
facebook_key: ""
|
|
facebook_secret: ""
|
|
google_oauth2_key: ""
|
|
google_oauth2_secret: ""
|
|
wordpress_oauth2_key: ""
|
|
wordpress_oauth2_secret: ""
|
|
wordpress_oauth2_site: ""
|
|
saml_sp_entity_id: ""
|
|
saml_idp_metadata_url: ""
|
|
saml_idp_sso_service_url: ""
|
|
oidc_client_id: ""
|
|
oidc_client_secret: ""
|
|
oidc_issuer: ""
|
|
<<: *maps
|
|
<<: *apis
|
|
|
|
production:
|
|
# secret_key_base: ""
|
|
server_name: ""
|
|
# time_zone: ""
|
|
# mailer_delivery_method: :smtp
|
|
# smtp_settings:
|
|
# :address: "smtp.example.com"
|
|
# :port: 25
|
|
# :domain: "your_domain.com"
|
|
# :user_name: "<username>"
|
|
# :password: "<password>"
|
|
# :authentication: "plain"
|
|
# :enable_starttls_auto: true
|
|
force_ssl: true
|
|
delay_jobs: true
|
|
errbit_host: ""
|
|
errbit_project_key: ""
|
|
errbit_project_id: 1
|
|
errbit_self_hosted_ssl: false
|
|
http_basic_username: ""
|
|
http_basic_password: ""
|
|
authentication_logs: false
|
|
devise_lockable: false
|
|
managers_url: ""
|
|
managers_application_key: ""
|
|
multitenancy: false
|
|
multitenancy_management_mode: false
|
|
security:
|
|
# allowed_admin_ips: ["123.45.67.89", "192.168.1.0/24"]
|
|
last_sign_in: false
|
|
password_complexity: false
|
|
# lockable:
|
|
# maximum_attempts: 20
|
|
# unlock_in: 1 # In hours
|
|
tenants:
|
|
# If you've enabled multitenancy, you can overwrite secrets for a
|
|
# specific tenant with:
|
|
#
|
|
# my_tenant_subdomain:
|
|
# secret_key: my_secret_value
|
|
#
|
|
# Currently you can overwrite SMTP, SMS, manager, microsoft API,
|
|
# HTTP basic, twitter, facebook, google, wordpress, SAML and security settings.
|
|
twitter_key: ""
|
|
twitter_secret: ""
|
|
facebook_key: ""
|
|
facebook_secret: ""
|
|
google_oauth2_key: ""
|
|
google_oauth2_secret: ""
|
|
wordpress_oauth2_key: ""
|
|
wordpress_oauth2_secret: ""
|
|
wordpress_oauth2_site: ""
|
|
saml_sp_entity_id: ""
|
|
saml_idp_metadata_url: ""
|
|
saml_idp_sso_service_url: ""
|
|
oidc_client_id: ""
|
|
oidc_client_secret: ""
|
|
oidc_issuer: ""
|
|
<<: *maps
|
|
<<: *apis
|