This repository has been archived by the owner on Dec 13, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 106
/
Copy pathconfig.yml
274 lines (245 loc) · 8.12 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
web:
# The basePath is used as the default path for the cookies that are set by
# this library. If not defined, we will default to /
basePath: null
# Determines how long Jwks (used for password-grant access token validation) should be cached
defaultJwksCacheManagerConfig:
ttl: 60000 # milliseconds
domainName: null # Required if using subdomain-based multi-tenancy
multiTenancy:
# When enabled, the framework will require the user to authenticate against
# a specific Organization. The authenticated organization is persisted in
# the access token that is issued.
#
# At the moment we only support a sub-domain based strategy, wherby the
# user must arrive on the subdomain that correlates with their tenant in
# order to authenticate. If they visit the parent domain, they will be
# required to identify the organization they wish to use.
enabled: false
strategy: "subdomain"
oauth2:
enabled: true
uri: "/oauth/token"
client_credentials:
enabled: true
accessToken:
ttl: 3600
password:
enabled: true
validationStrategy: "local"
accessTokenCookie:
# Controls the name of the cookie that we send to the browser.
name: "access_token"
# httpOnly is true, to prevent XSS attacks from hijacking your cookies. We
# highly recommend that you do not change this.
httpOnly: true
# The secure property controls the Secure flag on the cookie. The
# framework will auto-detect if the incoming request is over HTTPS, by
# looking at req.protocol === 'https' and turn on Secure if so. You can
# override auto-detection and force the Secure flag on by setting this
# property to true, or force off by setting this property to false.
secure: null
# Controls the path flag of the cookie. Inherits from basePath, but can be
# overridden here.
path: null
# Controls the domain flag on the cookie, will not be set unless specified.
domain: null
# Refresh Token Cookie has same options as the Access Token Cookie (above).
# Use the maxAge value to set the expiration time of this cookie. If not
# specified the cookie will become a session cookie
refreshTokenCookie:
maxAge: null #milliseconds
name: "refresh_token"
httpOnly: true
secure: null
path: null
domain: null
# By default the Stormpath integration should respond to JSON and HTML
# requests. If either is removed from configuration, the integration should
# not try to handle the response for the given content type.
produces:
- application/json
- text/html
# The order of locations that getUser() will search for an access token when
# attempting to resolve the user for the request
getUser:
accessTokenSearchLocations:
- header
- cookie
register:
enabled: true
uri: "/register"
nextUri: "/"
# autoLogin is possible only if the email verification feature is disabled
# on the default account store of the defined Stormpath application.
autoLogin: false
form:
fields:
givenName:
enabled: true
label: "First Name"
placeholder: "First Name"
required: true
type: "text"
middleName:
enabled: false
label: "Middle Name"
placeholder: "Middle Name"
required: true
type: "text"
surname:
enabled: true
label: "Last Name"
placeholder: "Last Name"
required: true
type: "text"
username:
enabled: false
label: "Username"
placeholder: "Username"
required: true
type: "text"
email:
enabled: true
label: "Email"
placeholder: "Email"
required: true
type: "email"
password:
enabled: true
label: "Password"
placeholder: "Password"
required: true
type: "password"
confirmPassword:
enabled: false
label: "Confirm Password"
placeholder: "Confirm Password"
required: true
type: "password"
fieldOrder:
- "username"
- "givenName"
- "middleName"
- "surname"
- "email"
- "password"
- "confirmPassword"
view: "register"
# Unless verifyEmail.enabled is specifically set to false, the email
# verification feature must be automatically enabled if the default account
# store for the defined Stormpath application has the email verification
# workflow enabled.
verifyEmail:
enabled: null
uri: "/verify"
nextUri: "/login"
view: "verify"
login:
enabled: true
uri: "/login"
nextUri: "/"
view: "login"
form:
fields:
login:
enabled: true
label: "Username or Email"
placeholder: "Username or Email"
required: true
type: "text"
password:
enabled: true
label: "Password"
placeholder: "Password"
required: true
type: "password"
fieldOrder:
- "login"
- "password"
organizationSelect:
view: "organization-select"
form:
fields:
organizationNameKey:
label: "Enter your organization name to continue"
placeholder: "e.g. my-company"
logout:
enabled: true
uri: "/logout"
nextUri: "/"
# Unless forgotPassword.enabled is explicitly set to false, this feature
# will be automatically enabled if the default account store for the defined
# Stormpath application has the password reset workflow enabled.
forgotPassword:
enabled: null
uri: "/forgot"
view: "forgot-password"
nextUri: "/login?status=forgot"
# Unless changePassword.enabled is explicitly set to false, this feature
# will be automatically enabled if the default account store for the defined
# Stormpath application has the password reset workflow enabled.
changePassword:
enabled: null
autoLogin: false
uri: "/change"
nextUri: "/login?status=reset"
view: "change-password"
errorUri: "/forgot?status=invalid_sptoken"
# If idSite.enabled is true, the user should be redirected to ID site for
# login, registration, and password reset. They should also be redirected
# through ID Site on logout.
idSite:
enabled: false
uri: "/idSiteResult"
nextUri: "/"
loginUri: ""
forgotUri: "/#/forgot"
registerUri: "/#/register"
# Social login configuration. This defines the callback URIs for OAuth
# flows, and the scope that is requested of each provider. Some providers
# want space-separated scopes, some want comma-separated. As such, these
# string values should be passed directly, as defined.
#
# These settings have no effect if the application does not have an account
# store for the given provider.
social:
facebook:
uri: "/callbacks/facebook"
scope: "email openid profile"
google:
uri: "/callbacks/google"
scope: "email profile openid"
linkedin:
uri: "/callbacks/linkedin"
scope: "r_basicprofile r_emailaddress"
# The /me route is for front-end applications, it returns a JSON object with
# the current user object. The developer can opt-in to expanding account
# resources on this enpdoint.
me:
enabled: true
uri: "/me"
expand:
apiKeys: false
applications: false
customData: false
directory: false
groupMemberships: false
groups: false
providerData: false
tenant: false
# If the developer wants our integration to serve their Single Page
# Application (SPA) in response to HTML requests for our default routes,
# such as /login, then they will need to enable this feature and tell us
# where the root of their SPA is. This is likely a file path on the
# filesystem.
#
# If the developer does not want our integration to handle their SPA, they
# will need to configure the framework themselves and remove 'text/html'
# from `stormpath.web.produces`, so that we don't serve our default
# HTML views.
spa:
enabled: false
view: null
unauthorized:
view: "unauthorized"