native auth

2026-02-11 01:09:08 +08:00
parent 7191035748
commit 94dae77ddd
34 changed files with 650 additions and 1801 deletions


@@ -11,17 +11,10 @@ REDIS_HOST=localhost
REDIS_PORT=6379
# JWT Configuration
# Keycloak realm URL (no trailing slash). Example: https://keycloak.example.com/realms/friendolls
JWT_ISSUER=https://your-keycloak-instance.com/auth/realms/your-realm-name
# The expected audience in the JWT token (usually the client ID for this API)
JWT_SECRET=replace-with-strong-random-secret
JWT_ISSUER=friendolls
JWT_AUDIENCE=friendolls-api
JWT_EXPIRES_IN_SECONDS=3600
# Keycloak client used for access tokens
KEYCLOAK_CLIENT_ID=friendolls-api
# Optional: client secret for revoking refresh tokens (omit for public clients)
KEYCLOAK_CLIENT_SECRET=
# JWKS URI for fetching public keys to verify JWT signatures
# Format: {KEYCLOAK_AUTH_SERVER_URL}/realms/{KEYCLOAK_REALM}/protocol/openid-connect/certs
JWKS_URI=https://your-keycloak-instance.com/auth/realms/your-realm-name/protocol/openid-connect/certs
# Temporary migration flow (remove after migration)
ALLOW_LEGACY_PASSWORD=true
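Review bot: The example file ships `ALLOW_LEGACY_PASSWORD=true`, so any deployment that copies it keeps the temporary legacy password flow enabled by default; the sample should read `ALLOW_LEGACY_PASSWORD=false` with a comment such as `# Set to true only while migrating existing accounts; remove once migration is complete`. The `JWT_SECRET=replace-with-strong-random-secret` line is itself a working value if nobody edits it, and with the JWKS settings gone the tokens are presumably signed with this shared secret, so a leaked or guessed value lets anyone mint valid tokens. I would add `# Generate from a CSPRNG (at least 32 random bytes); never commit the real value` above it. The configuration loader (not visible in this hunk) should also refuse to start on the placeholder or on a short secret. The `+`/`-` markers are lost on this page, so which lines are new is inferred from their content.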