---
# Ory Hydra: the OAuth2/OIDC provider that lets other apps authenticate *through*
# plainpages (README: "OAuth2 provider"). The web app serves Hydra's login and consent
# steps at the URLs listed under `urls`, identifying the user from their Kratos
# session; Hydra itself mints the tokens. The DSN is read from the env (the
# per-service hydra DB). Only needed when external apps log in through us; nothing
# first-party depends on it (§6).
serve:
  # Public endpoints: the port OAuth2 clients and browsers talk to.
  public:
    port: 4444
  # Admin API: Hydra applies no authentication of its own on this port, so it must
  # stay reachable only by the web app / internal network and never be published.
  admin:
    port: 4445

# issuer is the public OAuth2 URL clients use; login/consent/logout send the browser
# to our themed handlers (§6). These are dev defaults (http); prod overrides issuer
# via env (https). Tokens carry the issuer value, so the override has to be the exact
# URL clients are configured with.
# NOTE(review): login/consent/logout also point at 127.0.0.1 here; confirm the prod
# environment overrides them along with issuer.
urls:
  self:
    issuer: 'http://127.0.0.1:4444/'
  login: 'http://127.0.0.1:3000/oauth2/login'
  consent: 'http://127.0.0.1:3000/oauth2/consent'
  logout: 'http://127.0.0.1:3000/oauth2/logout'

# Dev throwaway: production supplies a real system secret via env (SECRETS_SYSTEM).
# This placeholder is committed and therefore public, so a deployment that starts
# without SECRETS_SYSTEM set would protect its stored data with a known key.
# Hydra encrypts with the first list entry and keeps later entries only to decrypt
# older data (rotation); it requires at least 16 characters.
secrets:
  system:
    - 'PLEASE-CHANGE-ME-dev-hydra-system-secret'

# Human-readable text logs at info level.
# NOTE(review): keep Hydra's log.leak_sensitive_values off outside local debugging.
log:
  level: 'info'
  format: 'text'