consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
5e263baed284e29e87cd003ad61edf4ef35b3efb
nairobi/config/secrets.yml.example
Anamika Aggarwal 5e263baed2 Add OIDC section for sign in and sign up page 
- name: :oidc → Identifier for this login provider in the app.
- scope: [:openid, :email, :profile] → Tells the provider we want the user’s ID (openid), their email, and basic profile info (name, picture, etc.).
- response_type: :code → Uses Authorization Code Flow, which is more secure because tokens are not exposed in the URL.
- issuer: Rails.application.secrets.oidc_issuer → The base URL of the OIDC provider (e.g., Auth0). Used to find its config.
- discovery: true → Automatically fetches the provider’s endpoints from its discovery document instead of manually setting them.
- client_auth_method: :basic → Sends client ID and secret using HTTP Basic Auth when exchanging the code for tokens.

Add system tests for OIDC Auth

Edit the oauth docs to support OIDC auth
2025-08-29 12:20:16 +02:00

228 lines
6.1 KiB
Plaintext
Raw Blame History

maps: &maps
map_tiles_provider: "//{s}.tile.openstreetmap.org/{z}/{x}/{y}.png"
map_tiles_provider_attribution: "&copy; <a href=\"http://osm.org/copyright\">OpenStreetMap</a> contributors"
apis: &apis
microsoft_api_key: ""
census_api_end_point: ""
census_api_institution_code: ""
census_api_portal_name: ""
census_api_user_code: ""
sms_end_point: ""
sms_username: ""
sms_password: ""
http_basic_auth: &http_basic_auth
http_basic_auth: true
development:
# time_zone: ""
http_basic_username: "dev"
http_basic_password: "pass"
authentication_logs: false
devise_lockable: false
multitenancy: false
multitenancy_management_mode: false
security:
# allowed_admin_ips: ["123.45.67.89", "192.168.1.0/24"]
last_sign_in: false
password_complexity: false
# lockable:
# maximum_attempts: 20
# unlock_in: 1 # In hours
secret_key_base: 56792feef405a59b18ea7db57b4777e855103882b926413d4afdfb8c0ea8aa86ea6649da4e729c5f5ae324c0ab9338f789174cf48c544173bc18fdc3b14262e4
<<: *maps
test:
# time_zone: ""
secret_key_base: 56792feef405a59b18ea7db57b4777e855103882b926413d4afdfb8c0ea8aa86ea6649da4e729c5f5ae324c0ab9338f789174cf48c544173bc18fdc3b14262e4
<<: *maps
staging:
# secret_key_base: ""
server_name: ""
# time_zone: ""
# mailer_delivery_method: :smtp
# smtp_settings:
# :address: "smtp.example.com"
# :port: 25
# :domain: "your_domain.com"
# :user_name: "<username>"
# :password: "<password>"
# :authentication: "plain"
# :enable_starttls_auto: true
force_ssl: true
delay_jobs: true
email_interceptor_recipients: ""
errbit_host: ""
errbit_project_key: ""
errbit_project_id: 1
errbit_self_hosted_ssl: false
http_basic_username: ""
http_basic_password: ""
authentication_logs: false
devise_lockable: false
managers_url: ""
managers_application_key: ""
multitenancy: false
multitenancy_management_mode: false
security:
# allowed_admin_ips: ["123.45.67.89", "192.168.1.0/24"]
last_sign_in: false
password_complexity: false
# lockable:
# maximum_attempts: 20
# unlock_in: 1 # In hours
tenants:
# If you've enabled multitenancy, you can overwrite secrets for a
# specific tenant with:
#
# my_tenant_subdomain:
# secret_key: my_secret_value
#
# Currently you can overwrite SMTP, SMS, manager, microsoft API,
# HTTP basic, twitter, facebook, google, wordpress, SAML and security settings.
twitter_key: ""
twitter_secret: ""
facebook_key: ""
facebook_secret: ""
google_oauth2_key: ""
google_oauth2_secret: ""
wordpress_oauth2_key: ""
wordpress_oauth2_secret: ""
wordpress_oauth2_site: ""
saml_sp_entity_id: ""
saml_idp_metadata_url: ""
saml_idp_sso_service_url: ""
oidc_client_id: ""
oidc_client_secret: ""
oidc_issuer: ""
oidc_redirect_uri: ""
<<: *maps
<<: *apis
preproduction:
# secret_key_base: ""
server_name: ""
# time_zone: ""
# mailer_delivery_method: :smtp
# smtp_settings:
# :address: "smtp.example.com"
# :port: 25
# :domain: "your_domain.com"
# :user_name: "<username>"
# :password: "<password>"
# :authentication: "plain"
# :enable_starttls_auto: true
force_ssl: true
delay_jobs: true
email_interceptor_recipients: ""
errbit_host: ""
errbit_project_key: ""
errbit_project_id: 1
errbit_self_hosted_ssl: false
http_basic_username: ""
http_basic_password: ""
authentication_logs: false
devise_lockable: false
managers_url: ""
managers_application_key: ""
multitenancy: false
multitenancy_management_mode: false
security:
# allowed_admin_ips: ["123.45.67.89", "192.168.1.0/24"]
last_sign_in: false
password_complexity: false
# lockable:
# maximum_attempts: 20
# unlock_in: 1 # In hours
tenants:
# If you've enabled multitenancy, you can overwrite secrets for a
# specific tenant with:
#
# my_tenant_subdomain:
# secret_key: my_secret_value
#
# Currently you can overwrite SMTP, SMS, manager, microsoft API,
# HTTP basic, twitter, facebook, google, wordpress, SAML and security settings.
twitter_key: ""
twitter_secret: ""
facebook_key: ""
facebook_secret: ""
google_oauth2_key: ""
google_oauth2_secret: ""
wordpress_oauth2_key: ""
wordpress_oauth2_secret: ""
wordpress_oauth2_site: ""
saml_sp_entity_id: ""
saml_idp_metadata_url: ""
saml_idp_sso_service_url: ""
oidc_client_id: ""
oidc_client_secret: ""
oidc_issuer: ""
oidc_redirect_uri: ""
<<: *maps
<<: *apis
production:
# secret_key_base: ""
server_name: ""
# time_zone: ""
# mailer_delivery_method: :smtp
# smtp_settings:
# :address: "smtp.example.com"
# :port: 25
# :domain: "your_domain.com"
# :user_name: "<username>"
# :password: "<password>"
# :authentication: "plain"
# :enable_starttls_auto: true
force_ssl: true
delay_jobs: true
errbit_host: ""
errbit_project_key: ""
errbit_project_id: 1
errbit_self_hosted_ssl: false
http_basic_username: ""
http_basic_password: ""
authentication_logs: false
devise_lockable: false
managers_url: ""
managers_application_key: ""
multitenancy: false
multitenancy_management_mode: false
security:
# allowed_admin_ips: ["123.45.67.89", "192.168.1.0/24"]
last_sign_in: false
password_complexity: false
# lockable:
# maximum_attempts: 20
# unlock_in: 1 # In hours
tenants:
# If you've enabled multitenancy, you can overwrite secrets for a
# specific tenant with:
#
# my_tenant_subdomain:
# secret_key: my_secret_value
#
# Currently you can overwrite SMTP, SMS, manager, microsoft API,
# HTTP basic, twitter, facebook, google, wordpress, SAML and security settings.
twitter_key: ""
twitter_secret: ""
facebook_key: ""
facebook_secret: ""
google_oauth2_key: ""
google_oauth2_secret: ""
wordpress_oauth2_key: ""
wordpress_oauth2_secret: ""
wordpress_oauth2_site: ""
saml_sp_entity_id: ""
saml_idp_metadata_url: ""
saml_idp_sso_service_url: ""
oidc_client_id: ""
oidc_client_secret: ""
oidc_issuer: ""
oidc_redirect_uri: ""
<<: *maps
<<: *apis
Reference in New Issue View Git Blame Copy Permalink