# Vouch Proxy configuration
# bare minimum to get Vouch Proxy running with adfs

vouch:
  # set allowAllUsers: true to use Vouch Proxy to just accept anyone who can authenticate to ADFS
  allowAllUsers: true

  cookie:
    # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com) 
    # secure: false
    # vouch.cookie.domain must be set when enabling allowAllUsers
    #  domain: yourdomain.com


oauth:
  provider: adfs
  client_id: k8s
  client_secret: sauceSecret
  auth_url: https://adfs.yourdomain.com/adfs/oauth2/authorize/
  token_url: https://adfs.yourdomain.com/adfs/oauth2/token/
  # vouch-proxy use RedirectURL as relying party identifier by default, if you want a custom one:
  # see https://github.com/vouch/vouch-proxy/issues/189
  # relying_party_id:  487d8ff7-80a8-4f62-b926-c2852ab06e94
  scopes:
    - openid
    - email
    - profile
  callback_url: https://vouch.yourdomain.com/auth