From 5393a2216801f325b06899eff9d5a2ddd46a967f Mon Sep 17 00:00:00 2001
From: Benjamin Bohard
Date: Mon, 13 Sep 2021 16:21:16 +0200
Subject: [PATCH] Fichier de configuration pour hydra
---
 tmpl/hydra.yml | 176 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 176 insertions(+)
 create mode 100644 tmpl/hydra.yml
diff --git a/tmpl/hydra.yml b/tmpl/hydra.yml
new file mode 100644
index 0000000..c4d4114
--- /dev/null
+++ b/tmpl/hydra.yml
@@ -0,0 +1,176 @@
+serve:
+ admin:
+ host: localhost
+ cors:
+ allowed_origins:
+ - https://example.com
+ - https://*.example.com
+ - https://*.foo.example.com
+ allowed_methods:
+ - POST
+ allowed_headers:
+ - ''
+ exposed_headers:
+ - ''
+ allow_credentials: false
+ options_passthrough: false
+ max_age: 0
+ debug: false
+ enabled: false
+ socket:
+ group: ''
+ mode: 0
+ owner: ''
+ access_log:
+ disable_for_health: false
+ tls:
+ cert:
+ path: /etc/ssl/certs/ssl-cert-snakeoil.pem
+ allow_termination_from:
+ - 127.0.0.1/32
+ enabled: false
+ key:
+ path: /etc/ssl/private/ssl-cert-snakeoil.key
+ port: 1
+ tls:
+ cert:
+ path: /etc/ssl/certs/ssl-cert-snakeoil.pem
+ allow_termination_from:
+ - 127.0.0.1/32
+ key:
+ path: /etc/ssl/private/ssl-cert-snakeoil.key
+ cookies:
+ same_site_legacy_workaround: true
+ same_site_mode: Strict
+ public:
+ host: localhost
+ cors:
+ allowed_origins:
+ - https://example.com
+ - https://*.example.com
+ - https://*.foo.example.com
+ allowed_methods:
+ - POST
+ allowed_headers:
+ - ''
+ exposed_headers:
+ - ''
+ allow_credentials: false
+ options_passthrough: false
+ max_age: 0
+ debug: false
+ enabled: false
+ socket:
+ group: ''
+ mode: 0
+ owner: ''
+ access_log:
+ disable_for_health: false
+ tls:
+ cert:
+ path: /etc/ssl/certs/ssl-cert-snakeoil.pem
+ allow_termination_from:
+ - 127.0.0.1/32
+ key:
+ path: /etc/ssl/private/ssl-cert-snakeoil.key
+ port: 1
+dsn: 'memory'
+webfinger:
+ oidc_discovery:
+ token_url: https://my-service.com/oauth2/token
+ auth_url: https://my-service.com/oauth2/auth
+ client_registration_url: https://my-service.com/clients
+ supported_claims:
+ - email
+ - username
+ supported_scope:
+ - email
+ - whatever
+ - read.photos
+ userinfo_url: https://example.org/my-custom-userinfo-endpoint
+ jwks_url: https://my-service.com/.well-known/jwks.json
+ jwks:
+ broadcast_keys:
+ - hydra.jwt.access-token
+oidc:
+ dynamic_client_registration:
+ default_scope:
+ - openid
+ - offline
+ - offline_access
+ subject_identifiers:
+ supported_types:
+ - public
+ - pairwise
+ pairwise:
+ salt: some-random-salt
+urls:
+ login: https://my-login.app/login
+ consent: https://my-consent.app/consent
+ logout: https://my-logout.app/logout
+ error: https://my-error.app/error
+ post_logout_redirect: https://my-example.app/logout-successful
+ self:
+ public: https://localhost:4444/
+ issuer: https://localhost:4444/
+strategies:
+ access_token: opaque
+ scope: exact
+ttl:
+ access_token: 1h
+ refresh_token: 1h
+ id_token: 1h
+ auth_code: 1h
+ login_consent_request: 1h
+oauth2:
+ session:
+ encrypt_at_rest: false
+ include_legacy_error_fields: true
+ exclude_not_before_claim: true
+ allowed_top_level_claims:
+ - username
+ - email
+ - user_uuid
+ hashers:
+ bcrypt:
+ cost: 4
+ pkce:
+ enforced_for_public_clients: true
+ enforced: true
+ client_credentials:
+ default_grant_allowed_scope: false
+ expose_internal_errors: true
+secrets:
+ cookie:
+ - this-is-the-primary-secret
+ - this-is-an-old-secret
+ - this-is-another-old-secret
+ system:
+ - this-is-the-primary-secret
+ - this-is-an-old-secret
+ - this-is-another-old-secret
+profiling: cpu
+tracing:
+ service_name: ORY Hydra
+ providers:
+ zipkin:
+ server_url: http://localhost:9411/api/v2/spans
+ jaeger:
+ propagation: jaeger
+ max_tag_value_length: 0
+ sampling:
+ type: const
+ value: 1
+ server_url: http://localhost:5778/sampling
+ local_agent_address: 127.0.0.1:6831
+ provider: jaeger
+sqa:
+ opt_out: true
+version: v1.10.6
+cgroups:
+ v1:
+ auto_max_procs_enabled: true
+log:
+ leak_sensitive_values: false
+ format: text
+ level: error
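Review bot: The literal values under `secrets.system`, `secrets.cookie` and `oidc.subject_identifiers.pairwise.salt` (`this-is-the-primary-secret`, `some-random-salt`) are Hydra's sample placeholders committed verbatim into a deployable template, and the system secret is, per Hydra's own documentation, the master key used to encrypt stored data and sign tokens, so anyone with read access to this repository would hold it for every instance deployed from the file. These entries should be substituted from the template's variables or a secret store rather than hard-coded; the patch shows no substitution markers, so as written the placeholders ship as-is. Several other settings are also development-grade defaults that look unintended for a production template: `oauth2.hashers.bcrypt.cost: 4`, `oauth2.expose_internal_errors: true`, `profiling: cpu`, `oauth2.session.encrypt_at_rest: false`, and `dsn: 'memory'`, which discards all clients, consents and sessions on restart. At minimum a header comment such as `# Values under secrets:, oidc.subject_identifiers.pairwise.salt and dsn: are Hydra sample defaults and MUST be overridden before deployment` should mark which entries are expected to be replaced. Whether the surrounding tooling rewrites these values before the file reaches a host is not visible from the patch.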