# The issuer url to be used. MUST point to this server
issuer: "https://mytoken.example.com"
# Configuration for the mytoken server
server:
  hostname: "mytoken.example.com"
  # port: 443

# Configuration for the database
database:
  host: "localhost"
  user: "mytoken"
  password: "mytoken"
  db: "mytoken"

# Configuration for token signing
signing:
  # The used algorithm
  alg: "ES512"
  # The file with the signing key
  key_file: "/mytoken.key"
  # If an RSA-based algorithm is used, this is the key len. Only needed when generating a new rsa key.
  # rsa_key_len: 2048

# Configuration for logging
logging:
  # The web server access logs
  access:
    # The directory where the log file should be placed
    dir: "/var/log/mytoken"
    # Indicates if mytoken should log additionally to stderr
    stderr: false
  # The mytoken internal logs
  internal:
    # The directory where the log file should be placed
    dir: "/var/log/mytoken"
    # Indicates if mytoken should log additionally to stderr
    stderr: false
    # The minimal log level that should be logged
    level: "error"

# URL with documentation about the service
service_documentation: "https://github.com/zachmann/mytoken"

# Configuration and enabling/disabling for different features
features:
  # The supported oidc flows
  oidc_flows:
    - "authorization_code" # Always enabled
    - "device" # Requires polling_codes to be enabled

  # Revocation for tokens issued by mytoken. Only disable this if you have good reasons for it.
  token_revocation:
    enabled: true

  # Support for short super tokens
  short_tokens:
    enabled: true
    len: 64 # Default 64, max 256

  # Support for transfer codes for super tokens
  transfer_codes:
    enabled: true
    len: 8 # Default 8, max 64

  # Support for polling codes that are used by native applications. Only disable this if you have good reasons for it.
  polling_codes:
    enabled: true
    expires_after: 300 # The time in seconds how long a polling code can be used
    polling_interval: 5 # The interval in seconds the native application should wait between two polling attempts

  # Support for the access_token grant, i.e. a user can use an AT to obtain an ST.
  access_token_grant:
    enabled: true

  # Support for the private_key_jwt grant, i.e. a user can use an signed jwt to obtain an ST.
  signed_jwt_grant:
    enabled: true

# The list of supported providers
providers:
  - issuer: "https://example.provider.com/"
    client_id: "clientid"
    client_secret: "clientsecret"
    scopes:
      - openid
      - profile