joakim
4eb18388db
- Add OAuth2 client for Authentik integration - Implement JWT token generation and validation - Add refresh token support with database storage - Update database schema with oauth_subject, oauth_provider, and refresh_tokens table - Create auth package with config, jwt, oauth, and token management - Add OAuth endpoints: /auth/login, /auth/callback, /auth/refresh, /auth/logout - Update AuthMiddleware to support both JWT and API key authentication - Add user helper functions for OAuth user creation and retrieval - Add .env.example with OAuth configuration template API keys still work for CLI compatibility while JWT tokens support web/mobile clients.
20 lines
480 B
Bash
20 lines
480 B
Bash
# Server Configuration
|
|
SERVER_ADDR=:8080
|
|
|
|
# Database
|
|
OPAL_DB_PATH=/var/lib/opal/opal.db
|
|
|
|
# OAuth2 / Authentik
|
|
OAUTH_ENABLED=true
|
|
OAUTH_ISSUER=https://auth.example.com/application/o/opal/
|
|
OAUTH_CLIENT_ID=your_client_id_here
|
|
OAUTH_CLIENT_SECRET=your_client_secret_here
|
|
OAUTH_REDIRECT_URI=https://opal.example.com/auth/callback
|
|
|
|
# JWT Configuration
|
|
JWT_SECRET=generate_random_secret_with_openssl_rand_hex_32
|
|
JWT_EXPIRY=3600
|
|
|
|
# Refresh Token Configuration
|
|
REFRESH_TOKEN_EXPIRY=604800
|