config.security.yml Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of oauth-code Show documentation
Show all versions of oauth-code Show documentation
A microservice server that authenticates and redirects authorization code.
# Security configuration in light framework.
---
# Enable JWT verification flag.
enableVerifyJwt: ${security.enableVerifyJwt:false}
# Enable JWT scope verification. Only valid when enableVerifyJwt is true.
enableVerifyScope: ${security.enableVerifyScope:true}
# User for test only. should be always be false on official environment.
enableMockJwt: ${security.enableMockJwt:false}
# JWT signature public certificates. kid and certificate path mappings.
jwt:
certificate:
'100': primary.crt
'101': secondary.crt
clockSkewInSeconds: 60
# Enable or disable JWT token logging
logJwtToken: ${security.logJwtToken:true}
# Enable or disable client_id, user_id and scope logging.
logClientUserScope: ${security.logClientUserScope:false}
# If OAuth2 provider support http2 protocol. If using light-oauth2, set this to true.
oauthHttp2Support: ${security.oauthHttp2Support:true}
# Enable JWT token cache to speed up verification. This will only verify expired time
# and skip the signature verification as it takes more CPU power and long time.
enableJwtCache: ${security.enableJwtCache:true}