- Add setup-zitadel.sh: idempotent script that creates PVM project and OIDC app via Zitadel Management API using machine user PAT
- Add machine user + PAT auto-generation to docker-compose via FIRSTINSTANCE env vars with bind-mounted machinekey directory
- Add SMTP configuration for email sending (verification, password reset)
- Fix JWT algorithm confusion attack: restrict to RS256/384/512 only
- Add docs/TODO_SECURITY.md tracking review findings
- Update .env.example files with correct local dev URLs
- Add docker/machinekey/ to .gitignore

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
17 lines, 556 B, Text
# Zitadel OIDC Configuration
# For local dev, run: ./docker/setup-zitadel.sh (auto-generates this file)
AUTH_ZITADEL_ISSUER=http://localhost:8080
AUTH_ZITADEL_CLIENT_ID=your-client-id
AUTH_ZITADEL_CLIENT_SECRET=your-client-secret

# Auth.js secret (generate with: openssl rand -base64 32)
AUTH_SECRET=your-auth-secret

# Backend API URL
PUBLIC_API_URL=http://localhost:3001

# Zitadel account management URL (for password/MFA changes)
PUBLIC_ZITADEL_ACCOUNT_URL=http://localhost:8080/ui/console

# App URL (for OIDC redirects)
ORIGIN=http://localhost:5173