Auth Bearer Service Configuration
Configuration
Environment Variables
The auth-bearer
service is configured via the following environment variables:
Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement |
---|
Name | Type | Default Value | Description |
---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9149 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9148 |
The bind address of the GRPC service. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
com.owncloud.api.gateway |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
bool |
false |
Disables the encoding of the user’s group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups. |
|
string |
https://localhost:9200 |
URL of the OIDC issuer. It defaults to URL of the builtin IDP. |
|
bool |
false |
Allow insecure connections to the OIDC issuer. |
|
string |
preferred_username |
Name of the claim, which holds the user identifier. |
|
string |
|
Name of the claim, which holds the UID. |
|
string |
|
Name of the claim, which holds the GID. |
Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement |
---|
Name | Type | Default Value | Description |
---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9149 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9148 |
The bind address of the GRPC service. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
com.owncloud.api.gateway |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
bool |
false |
Disables the encoding of the user’s group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups. |
|
string |
https://localhost:9200 |
URL of the OIDC issuer. It defaults to URL of the builtin IDP. |
|
bool |
false |
Allow insecure connections to the OIDC issuer. |
|
string |
preferred_username |
Name of the claim, which holds the user identifier. |
|
string |
|
Name of the claim, which holds the UID. |
|
string |
|
Name of the claim, which holds the GID. |
Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement |
---|---|---|---|
REVA_GATEWAY changing name for consistency |
3.0 |
4.0.0 |
OCIS_REVA_GATEWAY |
Name | Type | Default Value | Description |
---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9149 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9148 |
The bind address of the GRPC service. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
127.0.0.1:9142 |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
bool |
false |
Disables the encoding of the user’s group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups. |
|
string |
https://localhost:9200 |
URL of the OIDC issuer. It defaults to URL of the builtin IDP. |
|
bool |
false |
Allow insecure connections to the OIDC issuer. |
|
string |
preferred_username |
Name of the claim, which holds the user identifier. |
|
string |
|
Name of the claim, which holds the UID. |
|
string |
|
Name of the claim, which holds the GID. |
YAML Example
Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.
# Autogenerated
# Filename: auth-bearer-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9149
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9148
tls: null
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: com.owncloud.api.gateway
tls:
mode: ""
cacert: ""
skip_user_groups_in_token: false
oidc:
issuer: https://localhost:9200
insecure: false
id_claim: preferred_username
uid_claim: ""
gid_claim: ""
# Autogenerated
# Filename: auth-bearer-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9149
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9148
tls: null
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: com.owncloud.api.gateway
tls:
mode: ""
cacert: ""
skip_user_groups_in_token: false
oidc:
issuer: https://localhost:9200
insecure: false
id_claim: preferred_username
uid_claim: ""
gid_claim: ""
# Autogenerated
# Filename: auth-bearer-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9149
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9148
tls: null
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: 127.0.0.1:9142
tls:
mode: ""
cacert: ""
skip_user_groups_in_token: false
oidc:
issuer: https://localhost:9200
insecure: false
id_claim: preferred_username
uid_claim: ""
gid_claim: ""