# Server Configuration
PORT=3000
NODE_ENV=development

# Keycloak OpenID Connect Configuration
# The base URL of your Keycloak server (e.g., https://keycloak.example.com)
KEYCLOAK_AUTH_SERVER_URL=https://your-keycloak-instance.com/auth

# The Keycloak realm name
KEYCLOAK_REALM=your-realm-name

# The client ID registered in Keycloak for this application
KEYCLOAK_CLIENT_ID=friendolls-api

# The client secret (required if the client is confidential)
# Leave empty if using a public client
KEYCLOAK_CLIENT_SECRET=

# JWT Configuration
# The expected issuer of the JWT token (usually {KEYCLOAK_AUTH_SERVER_URL}/realms/{KEYCLOAK_REALM})
JWT_ISSUER=https://your-keycloak-instance.com/auth/realms/your-realm-name

# The expected audience in the JWT token (usually the client ID)
JWT_AUDIENCE=friendolls-api

# JWKS URI for fetching public keys to verify JWT signatures
# Format: {KEYCLOAK_AUTH_SERVER_URL}/realms/{KEYCLOAK_REALM}/protocol/openid-connect/certs
JWKS_URI=https://your-keycloak-instance.com/auth/realms/your-realm-name/protocol/openid-connect/certs