-
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.example
More file actions
74 lines (61 loc) · 2.13 KB
/
.env.example
File metadata and controls
74 lines (61 loc) · 2.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# NODE
NODE_ENV=development
# SERVER
HOST=0.0.0.0
PORT=5312
# APPLICATION
APP_NAME=Seamless Auth Example
APP_ID=local-dev
# Who can call this server
APP_ORIGINS=http://localhost:3000
ISSUER=http://localhost:5312
# "web" for website to auth server, "server" for api server to auth server auth
AUTH_MODE=server
# Roles assigned to every new user
DEFAULT_ROLES=user,betaUser
# Roles that are allowed in the system
AVAILABLE_ROLES=user,admin,betaUser,team
# DATABASE
# Prefer DATABASE_URL in containers and hosted environments if you already have one.
# DATABASE_URL=postgres://myuser:mypassword@localhost:5432/seamless_auth
# Set to true to see SQL from both the running app and startup migrations.
DB_LOGGING=false
DB_HOST=localhost
DB_PORT=5432
DB_NAME=seamless_auth
DB_USER=myuser
DB_PASSWORD=mypassword
# AUTH CONFIGURATION
ACCESS_TOKEN_TTL=30m
REFRESH_TOKEN_TTL=1h
RATE_LIMIT=100
DELAY_AFTER=50
# SERVICE TOKENS
# Required when AUTH_MODE=server.
API_SERVICE_TOKEN=32-byte-hex-string
# Optional dedicated secret for indexed refresh-token lookup fingerprints.
# If unset, the server falls back to API_SERVICE_TOKEN, and in development only
# it will use a derived local secret.
REFRESH_TOKEN_LOOKUP_SECRET=
# WEBAUTHN
RPID=localhost
ORIGINS=http://localhost:5173,http://localhost:5174
# ADMIN BOOTSTRAP
SEAMLESS_BOOTSTRAP_ENABLED=true
SEAMLESS_BOOTSTRAP_SECRET=dev-bootstrap-secret-123
# OPTIONAL DIRECT DELIVERY
# Needed only if this auth API sends OTPs or magic links itself.
# Not needed when a SeamlessAuth server adapter handles external delivery.
# Set to true to exercise direct email/SMS delivery even when NODE_ENV=development.
MESSAGING_ENABLE_IN_DEV=false
MESSAGING_AWS_REGION=us-east-1
MESSAGING_EMAIL_FROM=noreply@example.com
MESSAGING_SMS_PROVIDER=aws
MESSAGING_SMS_FROM=
MESSAGING_TWILIO_ACCOUNT_SID=
MESSAGING_TWILIO_AUTH_TOKEN=
# PRODUCTION SIGNING AND JWKS SECRETS
# Required when NODE_ENV=production.
# SEAMLESS_JWKS_ACTIVE_KID=main-2026-04
# SEAMLESS_JWKS_KEY_main-2026-04_PRIVATE="-----BEGIN PRIVATE KEY-----..."
# JWKS_PUBLIC_KEYS={"keys":[{"kid":"main-2026-04","pem":"-----BEGIN PUBLIC KEY-----...","createdAt":"2026-04-22T00:00:00.000Z"}]}