baron-sso/docker/ory/kratos/kratos.yml

version: v26.2.0

dsn: ${DSN}

serve:
    public:
        base_url: ${KRATOS_BROWSER_URL}
        cors:
            enabled: true
            allowed_origins:
                - ${USERFRONT_URL}
                - ${ADMINFRONT_URL}
                - ${DEVFRONT_URL}
                - ${ORGFRONT_URL}
                - http://backend:3000
                - http://baron_backend:3000
    admin:
        base_url: ${KRATOS_ADMIN_URL}

session:
    cookie:
        domain: hmac.kr
        same_site: Lax
        path: /

selfservice:
    default_browser_return_url: ${KRATOS_UI_URL}
    allowed_return_urls:
        - ${KRATOS_UI_URL}
        - ${KRATOS_UI_URL}/
        - ${USERFRONT_URL}
        - ${USERFRONT_URL}/
        - ${USERFRONT_URL}/ko
        - ${USERFRONT_URL}/ko/
        - ${USERFRONT_URL}/en
        - ${USERFRONT_URL}/en/
        - ${USERFRONT_URL}/auth/callback
        - ${USERFRONT_URL}/ko/auth/callback
        - ${USERFRONT_URL}/en/auth/callback
        - ${ADMINFRONT_URL}/auth/callback
        - ${DEVFRONT_URL}/auth/callback
        - ${ORGFRONT_URL}/auth/callback

    methods:
        password:
            enabled: true
        link:
            enabled: true
        code:
            enabled: true
            passwordless_enabled: true

    flows:
        error:
            ui_url: ${KRATOS_UI_URL}/error
        settings:
            ui_url: ${KRATOS_UI_URL}/error?error=settings_disabled
            privileged_session_max_age: 15m
        recovery:
            ui_url: ${KRATOS_UI_URL}/recovery
            use: code
        verification:
            ui_url: ${KRATOS_UI_URL}/verification
            use: code
        logout:
            after:
                default_browser_return_url: ${KRATOS_UI_URL}/login
        login:
            ui_url: ${KRATOS_UI_URL}/login
            lifespan: 10m
        registration:
            ui_url: ${KRATOS_UI_URL}/registration
            lifespan: 10m

log:
    level: debug
    format: text
    leak_sensitive_values: true

secrets:
    cookie:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
    cipher:
        - 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
    algorithm: xchacha20-poly1305

hashers:
    algorithm: bcrypt
    bcrypt:
        cost: 8

identity:
    default_schema_id: default
    schemas:
        - id: default
          url: file:///etc/config/kratos/identity.schema.json

courier:
    template_override_path: /etc/config/kratos/courier-templates
    delivery_strategy: http
    http:
        request_config:
            url: http://baron_backend:3000/api/v1/auth/webhooks/kratos-courier
            method: POST
            body: file:///etc/config/kratos/courier-http.jsonnet
            headers:
                Content-Type: application/json
    smtp:
        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true