version: "0.0.1"
server:
  host: "127.0.0.1"
  port: 3333
  callback: "/oidc/callback"

providers:
  facebook: "http://facebook.com"
  forgejo: "http://git.towk.local:3000"
  gitlab: "https://gitlab.newmexicoconsortium.org"
  github: "https://github.com"

authentication:
  clients:
    - id: "7527e7b4-c96a-4df0-8fc5-00fde18bb65d"
      secret: "gto_cc5uvpb5lsdczkwnbarvwmbpv5kcjwg7nhbc75zt65yrfh2ldenq"
      name: "forgejo"
      issuer: "http://git.towk.local:3000"
      scope:
        - "openid"
        - "profile"
        - "read"
        - "email"
      redirect-uris:
        - "http://127.0.0.1:3333/oidc/callback"
    - id: "7c0fab1153674a258a705976fcb9468350df3addd91de4ec622fc9ed24bfbcdd"
      secret: "a9a8bc55b0cd99236756093adc00ab17855fa507ce106b8038e7f9390ef2ad99"
      name: "gitlab"
      issuer: "http://gitlab.newmexicoconsortium.org"
      scope:
        - "openid"
        - "profile"
        - "email"
      redirect-uris:
        - "http://127.0.0.1:3333/oidc/callback"
  flows:
    authorization-code:
      state: ""
    client-credentials:

authorization:
  urls:
    #identities: http://127.0.0.1:4434/admin/identities
    trusted-issuers: http://127.0.0.1:4445/admin/trust/grants/jwt-bearer/issuers
    login: http://127.0.0.1:4433/self-service/login/api
    clients: http://127.0.0.1:4445/admin/clients
    authorize: http://127.0.0.1:4444/oauth2/auth
    register: http://127.0.0.1:4444/oauth2/register
    token: http://127.0.0.1:4444/oauth2/token


options:
  decode-id-token: true
  decode-access-token: true
  run-once: true
  open-browser: false