# https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example

vouch:
  # logLevel: debug # VOUCH_LOGLEVEL
  logLevel: debug

  # testing: false - VOUCH_TESTING
  # force all 302 redirects to be rendered as a webpage with a link
  # if you're having problems, turn on testing
#   testing: true

  listen: 0.0.0.0  # VOUCH_LISTEN
  port: 9090       # VOUCH_PORT
  
  # document_root - VOUCH_DOCUMENT_ROOT
  # see README for `Vouch Proxy "in a path"` - https://github.com/vouch/vouch-proxy#vouch-proxy-in-a-path
  document_root: /vouch

  # domains - VOUCH_DOMAINS
  # each of these domains must serve the url https://vouch.$domains[0] https://vouch.$domains[1] ...
  # so that the cookie which stores the JWT can be set in the relevant domain
  # you usually *don't* want to list every individual website that will be protected
  # if you have siteA.internal.yourdomain.com and siteB.internal.yourdomain.com 
  # then your domains should be set as yourdomain.com or perhaps internal.yourdomain.com   
  # usually you'll just have one.
  # Comment `domains:` out if you set allowAllUser:true
  domains:
  - rpg.ascorrea.com
  - localhost
  
  # whiteList (optional) allows only the listed usernames - VOUCH_WHITELIST
  # usernames are usually email addresses (google, most oidc providers) or login/username for github and github enterprise
  whiteList:
  - anthonyscorrea@gmail.com
  - anthony@correa.co
  - bridgetcrase@gmail.com
  - brandonmboo@gmail.com
  - acorre20@gmail.com
  
oauth:

  # Google
  provider: google
  # create new credentials at:
  # https://console.developers.google.com/apis/credentials
  client_id: ...
  client_secret: ...
  callback_urls:
    - https://rpg.ascorrea.com/vouch/auth
    - https://localhost/vouch/auth

  # preferredDomain: yourdomain.com
  # optionally set scopes, defaults to 'email'
  # https://developers.google.com/identity/protocols/googlescopes#google_sign-in
  # scopes:
  #  - email