diff --git a/bbconf/broker-config-access-token-mode.toml b/bbconf/broker-config-access-token-mode.toml
new file mode 100644
index 0000000..099ca42
--- /dev/null
+++ b/bbconf/broker-config-access-token-mode.toml
@@ -0,0 +1,50 @@
+[generic]
+# log level; can be error, warn, info, debug, trace
+log_level = "trace"
+
+[graphql]
+# path and file name to GraphQL schema file
+schema_file = "todo_schema.graphql"
+allow_introspection = true
+
+[proxy]
+# host name or IP of basebox DB proxy
+host = "localhost"
+port = 8081
+# Whether to use http or https to connect to the proxy
+tls = false
+
+[server]
+# Host name of the broker (GraphQL server)
+host = "192.168.2.172"
+
+# Port number; default is 80 for http, 443 for https
+port = 8080
+
+# number of HTTP server threads to spawn; default is one per CPU core
+workers = 2
+
+# Path and file name of TLS/SSL key file
+# cert_key_file = "/path/to/key.pem"
+
+# Path and file name of TLS certificate (chain) file
+# cert_file = "/path/to/cert.pem"
+
+[auth]
+mode = "access-token"
+
+# Base URL to the identity provider (OAuth2/OpenID Connect server, e.g. Keycloak)
+iss = "https://basebox-test-1.eu.auth0.com/"
+aud = "basebox-todo"
+
+
+[business_logic_layer]
+business_logic_layer_enabled = false
+python_module_path = "/path/to/python/module"
+python_module_name = "mymodule"
+
+[business_logic_layer.pre_definition]
+all = ["query"]
+query = ["getExercises", "getExercise"]
+mutation = ["createExercise", "updateExercise", "deleteExercise"]
+fragment = []
diff --git a/bbconf/dbproxy-config.toml b/bbconf/dbproxy-config.toml
index f417940..75dbacf 100644
--- a/bbconf/dbproxy-config.toml
+++ b/bbconf/dbproxy-config.toml
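Review bot: In bbconf/broker-config-access-token-mode.toml, `mode = "access-token"` under `[auth]` is combined with a plain-HTTP listener: `cert_key_file` and `cert_file` are both commented out in `[server]`, the broker binds `192.168.2.172` on port 8080, and `[proxy]` sets `tls = false`, so bearer tokens presented to the broker would cross the network unencrypted. If the file is meant as a development sample, say so at the top, for example `# Development sample only: enable TLS in [server] and [proxy] before exposing the broker beyond localhost`. `allow_introspection = true` and `log_level = "trace"` are development settings as well; whether trace output includes the Authorization header is not visible in this diff and is worth confirming before the file is copied to a shared environment.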
@@ -2,21 +2,12 @@ # log level; can be error, warn, info, debug, trace log_level = "trace" -[idp_config] -# URL of IdP's discovery endpoint. If not set, the URL is made up by appending -# ".well-known/openid-configuration" to the id_token_validation.iss field. -# discovery_url = "https://kcdev.basebox.io:8443/realms/todo/.well-known/openid-configuration" -# URL of IdP's public keystore. If set, the discovery endpoint is not used at all. -# jwks_url = "https://kcdev.basebox.io:8443/realms/todo/protocol/openid-connect/certs" - -[openid_token_validation] +[oidc_config] # Incoming ID tokens are validated using, among other, the following fields. # Contents of 'iss' field, usually the URL of the authetnication realm iss = "https://basebox-test-1.eu.auth0.com/" -# ID token audience field, usually OpenID Connect client ID -id_aud = "5wl8hQV1thh07rScSoJ3aN56ETuXWprg" # Access token audience field -acc_aud = "basebox-todo" +aud = "basebox-todo" [graphql] # path and file name to GraphQL schema file
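Review bot: The comment kept at the top of `[oidc_config]` still reads `# Incoming ID tokens are validated using, ...`, but this hunk removes `id_aud` and leaves only the access-token audience, so the comment now describes a check the table no longer configures; suggest `# Incoming access tokens are validated using, among others, the following fields.` and correcting `authetnication` on the line below it. Because the table and key are renamed (`[openid_token_validation]` to `[oidc_config]`, `acc_aud` to `aud`), a deployed config that keeps the old names may load with no audience value at all; the loader is not part of this diff, so confirm it rejects a config where `aud` is missing rather than skipping the audience check. The `discovery_url` and `jwks_url` overrides are dropped too, which presumably leaves key discovery derived from `iss` alone and is worth a line in the comment.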