dsn: ${DSN} serve: cookies: same_site_mode: Lax admin: cors: enabled: true allowed_origins: - "*" allowed_methods: - POST - GET - PUT - PATCH - DELETE - CONNECT - HEAD - OPTIONS - TRACE allowed_headers: - Authorization - Accept - Content-Type - Content-Length - Accept-Language - Content-Language exposed_headers: - Content-Type - Cache-Control - Expires - Last-Modified - Pragma - Content-Length - Content-Language public: cors: enabled: true allowed_origins: - "*" allowed_methods: - POST - GET - PUT - PATCH - DELETE - CONNECT - HEAD - OPTIONS - TRACE allowed_headers: - Authorization - Accept - Content-Type - Content-Length - Accept-Language - Content-Language exposed_headers: - Content-Type - Cache-Control - Expires - Last-Modified - Pragma - Content-Length - Content-Language allow_credentials: true urls: self: issuer: http://127.0.0.1:4444 consent: http://127.0.0.1:3000/consent login: http://127.0.0.1:3000/login logout: http://127.0.0.1:3000/logout device: verification: http://127.0.0.1:3000/device/verify success: http://127.0.0.1:3000/device/success secrets: system: - ${SECRETS_SYSTEM} webfinger: oidc_discovery: client_registration_url: http://127.0.0.1:4444/oauth2/register oidc: subject_identifiers: supported_types: - pairwise - public pairwise: salt: youReallyNeedToChangeThis dynamic_client_registration: enabled: true ttl: access_token: 15m id_token: 15m