Configuration
In this section, the configuration of the SSO bridge is explained. Configuration is used based on a config.yaml file which should be placed in the apps/backend folder. This config.yaml file is loaded when booting the application. The values get type checked, and it gives a clear error message if there is a configuration field missing or provided incorrectly. Next to the config.yaml file, you can also set environment variables. These override the values that are listed in the config.yaml file.
Databases
By default, the development database is sqlite. We use postgres databases for production type instances of the http data planes.
Configuration parameters
| Key | Required | Type | Description | Default |
|---|---|---|---|---|
DatabaseConfig | ||||
db | Yes | DatabaseConfig | Database configuration | |
db.type | Yes | "sqlite" | "postgres" | Type of database | |
db.database | Yes | String | Name of the database | |
db.synchronize | Boolean | Synchronize database schema | ||
db{type=sqlite} | Yes | SQLiteConfig | Database configuration | |
db{type=sqlite}.type | "sqlite" | "postgres" | Type of database | "sqlite" | |
db{type=sqlite}.database | Yes | String | Name of the database | |
db{type=sqlite}.synchronize | Boolean | Synchronize database schema | ||
db{type=postgres} | Yes | PostgresConfig | Database configuration | |
db{type=postgres}.host | Yes | String | Host of the database | |
db{type=postgres}.port | Yes | Number | Port of the database | |
db{type=postgres}.username | Yes | String | Username of the database | |
db{type=postgres}.password | Yes | String | Password of the database | |
db{type=postgres}.ssl | Unknown | SSL configuration of the database | ||
db{type=postgres}.type | "sqlite" | "postgres" | Type of database | "postgres" | |
db{type=postgres}.database | Yes | String | Name of the database | |
db{type=postgres}.synchronize | Boolean | Synchronize database schema | ||
ServerConfig | ||||
server | ServerConfig | Server configuration | ||
server.listen | String | IP address the server listens on | "0.0.0.0" | |
server.port | Number | Port the server listens on | 3000 | |
server.publicDomain | String | Public domain of the server | "localhost" | |
server.publicAddress | String | Public address of the server | "http://localhost:3000" | |
server.subPath | String | Sub path of the server | ||
InitRole | ||||
initRoles | InitRole[] | Initial role configurations | ||
initRoles[].name | Yes | String | Role name | |
initRoles[].description | Yes | String | Role description | |
InitClient | ||||
initClients | InitClient[] | Initial client configurations | ||
initClients[].clientId | Yes | String | Client ID | |
initClients[].clientSecret | Yes | String | Client secret | |
initClients[].secretName | Yes | String | Kubernetes secret name | |
initClients[].roles | Yes | String | Client roles | |
initClients[].grants | String | Client grants types supported | ["client_credentials"] | |
initClients[].name | Yes | String | Client name | |
initClients[].description | Yes | String | Client description | |
initClients[].redirectUris | Yes | String | Allowed Client redirect URIs regex | |
InitUser | ||||
initUsers | InitUser[] | Initial user configurations | ||
initUsers[].username | Yes | String | Username | |
initUsers[].password | Yes | String | Password | |
initUsers[].email | Yes | String | ||
initUsers[].roles | Yes | String | User roles | |
initUsers[].grants | String | Grant types supported | ["authorization_code","refresh_token"] | |
kubernetesNamespace | String | Kubernetes namespace | "default" | |
presentationDefinition | String | Presentation Definition for OID4VP | "{\"id\":\"ac60a5c8-5677-420e-931f-58d769fc3b83\",\"input_descriptors\":[{\"id\":\"14322c69-1bce-4d7f-b6c2-ecc29b2c123b\",\"constraints\":{\"fields\":[{\"path\":[\"$.type\"],\"filter\":{\"type\":\"string\",\"pattern\":\"VerifiableCredential\"}}]}}]}" |