src/api/sso/env.local

# Environment variables needed if you want to run `npm run dev`
# and run the server locally, outside of Docker. For all the various
# ways we run this using Docker, the env is defined by one of the
# config/env.* files in the root.  This requires that the other
# services are running, particularly the login and users services.
LOG_LEVEL=debug

SSO_PORT=7777

# The Single Sign On (SSO) login service URL
SSO_LOGIN_URL=http://localhost:8081/simplesaml/saml2/idp/SSOService.php

# The callback URL endpoint to be used by the SSO login service (see the /auth route)
SSO_LOGIN_CALLBACK_URL=http://localhost:7777/login/callback

# The Single Logout (SLO) service URL
SLO_LOGOUT_URL=http://localhost:8081/simplesaml/saml2/idp/SingleLogoutService.php

# The callback URL endpoint to be used by the SLO logout service (see the /auth route)
SLO_LOGOUT_CALLBACK_URL=http://localhost:7777/logout/callback

# The SSO Identity Provider's public key certificate. NOTE: this is the public
# key cert of the test login IdP docker container.  Update for staging and prod.
SSO_IDP_PUBLIC_KEY_CERT=MIIDXTCCAkWgAwIBAgIJALmVVuDWu4NYMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTYxMjMxMTQzNDQ3WhcNNDgwNjI1MTQzNDQ3WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUCFozgNb1h1M0jzNRSCjhOBnR+uVbVpaWfXYIR+AhWDdEe5ryY+CgavOg8bfLybyzFdehlYdDRgkedEB/GjG8aJw06l0qF4jDOAw0kEygWCu2mcH7XOxRt+YAH3TVHa/Hu1W3WjzkobqqqLQ8gkKWWM27fOgAZ6GieaJBN6VBSMMcPey3HWLBmc+TYJmv1dbaO2jHhKh8pfKw0W12VM8P1PIO8gv4Phu/uuJYieBWKixBEyy0lHjyixYFCR12xdh4CA47q958ZRGnnDUGFVE1QhgRacJCOZ9bd5t9mr8KLaVBYTCJo5ERE8jymab5dPqe5qKfJsCZiqWglbjUo9twIDAQABo1AwTjAdBgNVHQ4EFgQUxpuwcs/CYQOyui+r1G+3KxBNhxkwHwYDVR0jBBgwFoAUxpuwcs/CYQOyui+r1G+3KxBNhxkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAiWUKs/2x/viNCKi3Y6blEuCtAGhzOOZ9EjrvJ8+COH3Rag3tVBWrcBZ3/uhhPq5gy9lqw4OkvEws99/5jFsX1FJ6MKBgqfuy7yh5s1YfM0ANHYczMmYpZeAcQf2CGAaVfwTTfSlzNLsF2lW/ly7yapFzlYSJLGoVE+OHEu8g5SlNACUEfkXw+5Eghh+KzlIN7R6Q7r2ixWNFBC/jWf7NKUfJyX8qIG5md1YUeT6GBW9Bm2/1/RiO24JTaYlfLdKK9TYb8sG5B+OLab2DImG99CJ25RkAcSobWNF5zD0O6lgOo3cEdB/ksCq3hmtlC/DlLZ/D8CJ+7VuZnS1rR2naQ==

# Our apps's Entity ID, which is also the URL to our metadata.
SAML_ENTITY_ID=http://localhost:7777/sp

# ADMINISTRATORS is a list (space delimited) of users who have administrator
# rights. Use the user's nameID (user2@example.com) or hashed version of
# nameID (2b3b2b9ce8).  Either will work.
ADMINISTRATORS=user1@example.com

# Origins of web apps that we'll allow for redirects. See src/api/sso/test
ALLOWED_APP_ORIGINS=http://localhost:8000 http://localhost:8888

# The URI of the auth server
JWT_ISSUER=http://localhost:7777

# The microservices origin
JWT_AUDIENCE=http://localhost

# How long should a JWT work before it expires
JWT_EXPIRES_IN=1h

# Supabase connection https://supabase.com/docs/guides/database/connecting-to-postgres
SUPABASE_URL=http://kong:8000
# Admin key, able to bypass security rules
SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q