# Vouch Proxy configuration
# bare minimum to get Vouch Proxy running with HomeAssistant

vouch:
  # logLevel: debug
  logLevel: info
  
  # domains:
  # valid domains that the jwt cookies can be set into
  # the callback_urls will be to these domains
  domains:
  - yourdomain.com

  # set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate at Gitea
  # allowAllUsers: true

  # cookie:
    # secure: false           # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com) 
    # domain: yourdomain.com  # vouch.cookie.domain must be set when enabling allowAllUsers


  # whiteList - (optional) allows only the listed usernames
  # usernames are usually email addresses (google, most oidc providers) or login/username for github and github enterprise
  # using static value for HomeAssistant
  whiteList:
  - homeassistant

oauth:
  # HomeAssistant Auth
  # HomeAssistant typically uses a port in the url (8123 by default) and this maybe required for the auth_url and token_url 
  # depending on your setup of HA
  # https://developers.home-assistant.io/docs/en/auth_api.html
  provider: homeassistant
  client_id: https://vouch.yourdomain.com
  callback_url: https://vouch.yourdomain.com/auth
  auth_url: https://homeassistant.yourdomain.com:port/auth/authorize
  token_url: https://homeassistant.yourdomain.com:port/auth/token