Matthieu Bessat
02e16a7e74
- generate JWT id_token in token exchange - store optional nonce in authorization object - switch to RS256 algorithm for JWT signature - add JWKs endpoint to provide OIDC clients with public keys
# Path to the key file used for signing.
# NOTE(review): the commit message above mentions RS256 JWT signatures and a JWKs
# endpoint, so this is presumably an RSA private key (confirm). Keep the file out
# of version control and readable only by the account that runs the service.
# The path is relative; what it resolves against is not visible here.
signing_key = "tmp/secrets/signing.key"

# Instance-wide settings.
[instance]
# NOTE(review): plain-HTTP localhost origin, i.e. a local-development value.
# If this URI is used as the token issuer or to build the JWKs URL (not visible
# here, confirm), a deployed instance needs its public https:// origin.
base_uri = "http://localhost:8086"
name = "Example org"
logo_uri = "https://example.org/logo.png"

# Client registration: local demo application.
[[applications]]
slug = "demo_app"
name = "Demo app"
description = "A super application where you can do everything you want."
client_id = "00000001-0000-0000-0000-000000000001"
# Placeholder secret for local use. Any secret committed with this file should be
# treated as public; real deployments need a generated value supplied out of band.
client_secret = "dummy_client_secret"
# NOTE(review): https on localhost:9876 here, while the callback below on the same
# port uses http. Confirm which scheme the demo client actually serves.
login_uri = "https://localhost:9876"
# Exact redirect targets accepted for this client. Both are plain-HTTP loopback
# addresses, which only makes sense for development.
allowed_redirect_uris = [
    "http://localhost:9090/callback",
    "http://localhost:9876/callback",
]
visibility = "Internal"
# NOTE(review): the meaning of "Implicit" is not visible here. It may select the
# OAuth 2.0 implicit grant (discouraged by RFC 9700) or mean that authorization is
# granted without a consent prompt. Either way the redirect allow-list above is
# the main guard for this client, so confirm the semantics.
authorize_flow = "Implicit"

# Client registration: wiki.
[[applications]]
slug = "wiki"
name = "Wiki app"
description = "The knowledge base of the exemple org."
client_id = "f9de1885-448d-44bb-8c48-7e985486a8c6"
# NOTE(review): UUID-shaped secret stored in plain text next to its client_id.
# If this value was ever used outside local testing, rotate it; a secret that has
# been committed should be considered disclosed.
client_secret = "49c6c16a-0a8a-4981-a60d-5cb96582cc1a"
login_uri = "https://wiki.example.org/login"
# Single HTTPS callback. Keep this list as narrow as it is.
allowed_redirect_uris = ["https://wiki.example.org/oauth2/callback"]
visibility = "Public"
# NOTE(review): semantics of "Implicit" are not visible here (implicit grant vs.
# authorization without a consent prompt), so confirm before reusing this entry.
authorize_flow = "Implicit"

# Client registration: private application.
[[applications]]
slug = "private_app"
# NOTE(review): same display name as the "demo_app" entry. Users cannot tell the
# two clients apart wherever this name is shown.
name = "Demo app"
description = "Private app you should never discover"
# NOTE(review): not a well-formed UUID. The last group has 10 hex digits where the
# other client_ids have 12. If client_id is parsed as a UUID (not visible here),
# this entry will be rejected or never match.
client_id = "c8a08783-2342-4ce3-a3cb-9dc89b6bdf"
# Placeholder secret; treat as public once committed.
client_secret = "this_is_the_secret"
login_uri = "https://private-app.org"
# Plain-HTTP loopback callback, a development value.
allowed_redirect_uris = ["http://localhost:9091/authorize"]
# NOTE(review): presumably hides the app from listings (confirm). Hiding an entry
# is not access control; the client credentials and redirect allow-list still
# carry the protection.
visibility = "Private"
# NOTE(review): semantics of "Implicit" are not visible here; confirm.
authorize_flow = "Implicit"

# Role definition: baseline role.
[[roles]]
slug = "basic"
name = "Basic"
description = "Basic user"
# NOTE(review): presumably marks the role given to accounts automatically (confirm).
# Only a least-privilege role should carry this flag.
default = true

# Role definition: administrator.
# No `default` key is set here; presumably that means the role is never assigned
# automatically. Confirm against the config loader's default.
[[roles]]
slug = "admin"
name = "Administrator"
description = "Full power on organization instance"