Fichier de configuration pour hydra

Benjamin Bohard 2021-09-13 16:21:16 +02:00
commit 5393a22168
1 changed files with 176 additions and 0 deletions

176
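--- a/tmpl/hydra.yml
+++ b/tmpl/hydra.yml
@@ -0,0 +1,176 @@
+serve:
+admin:
+host: localhost
+cors:
+allowed_origins:
+- https://example.com
+- https://*.example.com
+- https://*.foo.example.com
+allowed_methods:
+- POST
+allowed_headers:
+- ''
+exposed_headers:
+- ''
+allow_credentials: false
+options_passthrough: false
+max_age: 0
+debug: false
+enabled: false
+socket:
+group: ''
+mode: 0
+owner: ''
+access_log:
+disable_for_health: false
+tls:
+cert:
+path: /etc/ssl/certs/ssl-cert-snakeoil.pem
+allow_termination_from:
+- 127.0.0.1/32
+enabled: false
+key:
+path: /etc/ssl/private/ssl-cert-snakeoil.key
+port: 1
+tls:
+cert:
+path: /etc/ssl/certs/ssl-cert-snakeoil.pem
+allow_termination_from:
+- 127.0.0.1/32
+key:
+path: /etc/ssl/private/ssl-cert-snakeoil.key
+cookies:
+same_site_legacy_workaround: true
+same_site_mode: Strict
+public:
+host: localhost
+cors:
+allowed_origins:
+- https://example.com
+- https://*.example.com
+- https://*.foo.example.com
+allowed_methods:
+- POST
+allowed_headers:
+- ''
+exposed_headers:
+- ''
+allow_credentials: false
+options_passthrough: false
+max_age: 0
+debug: false
+enabled: false
+socket:
+group: ''
+mode: 0
+owner: ''
+access_log:
+disable_for_health: false
+tls:
+cert:
+path: /etc/ssl/certs/ssl-cert-snakeoil.pem
+allow_termination_from:
+- 127.0.0.1/32
+key:
+path: /etc/ssl/private/ssl-cert-snakeoil.key
+port: 1
+dsn: 'memory'
+webfinger:
+oidc_discovery:
+token_url: https://my-service.com/oauth2/token
+auth_url: https://my-service.com/oauth2/auth
+client_registration_url: https://my-service.com/clients
+supported_claims:
+- email
+- username
+supported_scope:
+- email
+- whatever
+- read.photos
+userinfo_url: https://example.org/my-custom-userinfo-endpoint
+jwks_url: https://my-service.com/.well-known/jwks.json
+jwks:
+broadcast_keys:
+- hydra.jwt.access-token
+oidc:
+dynamic_client_registration:
+default_scope:
+- openid
+- offline
+- offline_access
+subject_identifiers:
+supported_types:
+- public
+- pairwise
+pairwise:
+salt: some-random-salt
+urls:
+login: https://my-login.app/login
+consent: https://my-consent.app/consent
+logout: https://my-logout.app/logout
+error: https://my-error.app/error
+post_logout_redirect: https://my-example.app/logout-successful
+self:
+public: https://localhost:4444/
+issuer: https://localhost:4444/
+strategies:
+access_token: opaque
+scope: exact
+ttl:
+access_token: 1h
+refresh_token: 1h
+id_token: 1h
+auth_code: 1h
+login_consent_request: 1h
+oauth2:
+session:
+encrypt_at_rest: false
+include_legacy_error_fields: true
+exclude_not_before_claim: true
+allowed_top_level_claims:
+- username
+- email
+- user_uuid
+hashers:
+bcrypt:
+cost: 4
+pkce:
+enforced_for_public_clients: true
+enforced: true
+client_credentials:
+default_grant_allowed_scope: false
+expose_internal_errors: true
+secrets:
+cookie:
+- this-is-the-primary-secret
+- this-is-an-old-secret
+- this-is-another-old-secret
+system:
+- this-is-the-primary-secret
+- this-is-an-old-secret
+- this-is-another-old-secret
+profiling: cpu
+tracing:
+service_name: ORY Hydra
+providers:
+zipkin:
+server_url: http://localhost:9411/api/v2/spans
+jaeger:
+propagation: jaeger
+max_tag_value_length: 0
+sampling:
+type: const
+value: 1
+server_url: http://localhost:5778/sampling
+local_agent_address: 127.0.0.1:6831
+provider: jaeger
+sqa:
+opt_out: true
+version: v1.10.6
+cgroups:
+v1:
+auto_max_procs_enabled: true
+log:
+leak_sensitive_values: false
+format: text
+level: error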
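Review bot: `secrets.system` and `secrets.cookie` ship the fixed, publicly documented placeholder values `this-is-the-primary-secret` / `this-is-an-old-secret`, and `oidc.subject_identifiers.pairwise.salt: some-random-salt` likewise; unless the template engine behind `tmpl/` substitutes these (no template markers are visible in the file), every deployment rendered from it signs and encrypts with a secret anyone can read off the ORY docs. Generate them per instance and inject them as quoted template variables, e.g. `system:` / `- '<GENERATED_SYSTEM_SECRET>'` (placeholder), so the rendered value is never a literal committed here. Several other values are the documentation-example settings rather than production defaults: `hashers.bcrypt.cost: 4` is the allowed minimum and makes client-secret hashes cheap to brute-force (ORY's default is 10), `oauth2.expose_internal_errors: true` returns internal error details to callers, `oauth2.session.encrypt_at_rest: false` stores session data in the DSN unencrypted, and `profiling: cpu` enables the profiling endpoint. Consider `cost: 10`, `expose_internal_errors: false` and `encrypt_at_rest: true` as the template defaults, leaving the weaker settings to an explicit per-environment override.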