# Vouch Proxy configuration
# bare minimum to get Vouch Proxy running with SecureAuth OpenID Connect

vouch:
  domains:
  - yourdomain.com

  # set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate at Gitea
  # allowAllUsers: true

  # cookie:
    # secure: false
    # vouch.cookie.domain must be set when enabling allowAllUsers
    # domain: yourdomain.com

oauth:
  # SecureAuth OpenID Connect
  provider: oidc
  client_id: XXXXXXXXXXXXXXX
  client_secret: XXXXXXXXXXXXXXXXXXXXXX
  auth_url: https://<SecureAuth FQDN>/SecureAuth<XX>/SecureAuth.aspx
  token_url: https://<SecureAuth FQDN>/SecureAuth<XX>/OidcToken.aspx
  user_info_url: https://<SecureAuth FQDN>/SecureAuth<XX>/OidcUserInfo.aspx
  scopes:
    - openid
    - email
    - profile
  # callback_url needs to be set as a "redirect url" on the SecureAuth Post Auth tab 
  callback_url: https://<vouch>.<domain.com>/auth