oauth2-proxy.env

# general
OAUTH2_PROXY_HTTP_ADDRESS=:4180
OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=false
OAUTH2_PROXY_REVERSE_PROXY=true

# cookie
OAUTH2_PROXY_COOKIE_NAME=_hello_oauth2
OAUTH2_PROXY_COOKIE_REFRESH=55s
OAUTH2_PROXY_COOKIE_SAMESITE=strict

# provider
OAUTH2_PROXY_PROVIDER=keycloak-oidc
OAUTH2_PROXY_OIDC_ISSUER_URL=http://keycloak:8009/realms/hello
OAUTH2_PROXY_CLIENT_ID=${OAUTH2_PROXY_CLIENT_ID:-hello-oauth2-proxy}
OAUTH2_PROXY_CLIENT_SECRET=${OAUTH2_PROXY_CLIENT_SECRET:-weakkeycloakclientsecret}
OAUTH2_PROXY_REDIRECT_URL=http://localhost:4180/oauth2/callback
OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET:-weakcookiesecret}

## skip OIDC discovery and manually configure keycloak urls 
## (required to make this work in mixed docker network and localhost setup)
OAUTH2_PROXY_SKIP_OIDC_DISCOVERY=true
OAUTH2_PROXY_INSECURE_OIDC_SKIP_ISSUER_VERIFICATION=true
OAUTH2_PROXY_LOGIN_URL=${KEYCLOAK_REALM_URL:-http://localhost:8009/realms/hello}/protocol/openid-connect/auth
OAUTH2_PROXY_OIDC_JWKS_URL=${KEYCLOAK_REALM_URL:-http://keycloak:8009/realms/hello}/protocol/openid-connect/certs
OAUTH2_PROXY_REDEEM_URL=${KEYCLOAK_REALM_URL:-http://keycloak:8009/realms/hello}/protocol/openid-connect/token

# authentication
OAUTH2_PROXY_SCOPE=openid email profile roles

# authorization
OAUTH2_PROXY_EMAIL_DOMAINS=*
#OAUTH2_PROXY_ALLOWED_ROLES=approved
OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true

# headers
OAUTH2_PROXY_PASS_USER_HEADERS=true
OAUTH2_PROXY_PASS_ACCESS_TOKEN=true
OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER=true

# logging
OAUTH2_PROXY_REQUEST_LOGGING=true
OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=true

# allow redirect to domains
OAUTH2_PROXY_WHITELIST_DOMAINS=localhost:8009

# session cache
OAUTH2_PROXY_SESSION_STORE_TYPE=redis
OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://oauth2-proxy-redis-cache
OAUTH2_PROXY_REDIS_PASSWORD=${OAUTH2_PROXY_REDIS_PASSWORD:-weakredispassword}
OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR="true"

# routing
OAUTH2_PROXY_API_ROUTES=^/api/,^/assets/
#OAUTH2_PROXY_UPSTREAMS=http://app:8000