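# basebox broker configuration.
# Restored to one key per line: in the collapsed form everything after the
# first '#' on a line is a comment, so only the [generic] header would parse.
# All values are unchanged.

[generic]
# Log level; can be error, warn, info, debug, trace.
# NOTE(review): "trace" is the most verbose level listed. Check what the broker
# writes at this level (tokens, request bodies) before using it outside
# development - TODO confirm.
log_level = "trace"

[graphql]
# Path and file name of the GraphQL schema file.
schema_file = "/bbconf/schema.graphql"
# Presumably lets clients run GraphQL introspection queries - confirm.
# Introspection exposes the full schema to any caller that can reach the
# endpoint, so production deployments usually set this to false.
allow_introspection = true

[proxy]
# Host name or IP of the basebox DB proxy.
host = "dbproxy"
port = 8081
# Whether to use http (false) or https (true) to connect to the proxy.
# With false, broker-to-proxy traffic is unencrypted; keep that hop on a
# trusted network segment or enable TLS.
tls = false

[server]
# Host name of the broker (GraphQL server).
host = "broker"
# Port number; default is 80 for http, 443 for https.
port = 8080
# Upper bound on accepted request size; presumably in bytes - confirm.
# NOTE(review): the value is 32 MiB (33554432) plus one; confirm that the
# extra byte is intentional.
max_request_size = 33554433

[auth]
# Contents of the 'iss' field, usually the URL of the authentication realm.
# Tokens should only be accepted when their 'iss' matches this value exactly.
iss = "https://basebox-test-1.eu.auth0.com/"
# Access token audience ('aud') field.
aud = "basebox-todo"
# Public key file for the IdP server (KeyCloak in this case).
# NOTE(review): 'iss' above points at an Auth0 tenant while this comment names
# KeyCloak - confirm which IdP applies. With jwks_file unset, check where the
# broker obtains the token verification keys - TODO confirm.
# jwks_file = "/bbconf/idp_keys.json"

# OpenID Connect login flow settings.
# OpenID Connect scope; default is "openid profile email".
scope = "openid profile email"

# Fully qualified URL of the OAuth2 callback endpoint.
# After the user has entered their credentials in the IdP's login form, the
# client is redirected to this URL. When the client receives a request to this
# URL, it must send the request's query string to the broker's
# "openid_connect_path" set below.
# The sample value is plain http on loopback; use https for any callback that
# is not on the loopback interface.
#redirect_url = "http://127.0.0.1:5167/oauth-callback"

# OpenID Connect login completion request path.
# The client must pass the query string from the call to "redirect_url" to
# this URL and gets a basebox session token in return.
#openid_connect_path = "/oauth/complete-login"

# Path to the browser login URL.
# At this path the basebox broker returns a 302 response that redirects the
# browser to the IdP login page; the target URL contains all query parameters
# needed to initiate an auth code flow login procedure, incl. CSRF protection
# tokens etc.
#login_path = "/oauth/login"

# Logout path that allows explicit, immediate logouts.
# Simply POST to this URL with the session cookie or bearer token.
#logout_path = "/oauth/logout"

# TODO - need?
# Set to true to get a user's additional claims from OAuth2.
user_info_additional_claims_required = true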