argos/dmp-backend/web/src/main/resources/config/security.yml

web:
  security:
    enabled: true
    authorized-endpoints: [ api ]
    allowed-endpoints: [ api/public ]
    idp:
      api-key:
        enabled: true
        authorization-header: Authorization
        client-id: ${IDP_APIKEY_CLIENT_ID:}
        client-secret: ${IDP_APIKEY_CLIENT_SECRET:}
        scope: ${IDP_APIKEY_SCOPE:}
      resource:
        opaque:
          client-id: ${IDP_OPAQUE_CLIENT_ID:}
          client-secret: ${IDP_OPAQUE_CLIENT_SECRET:}
        jwt:
          claims: [ role, x-role ]

autouser:
  root:
    email: ${AUTOUSER_EMAIL:}
    username: ${AUTOUSER_USER:}
    password: ${AUTOUSER_PASS:}

facebook:
  login:
    clientId: ${FACEBOOK_CLIENT_ID:}
    clientSecret: ${FACEBOOK_CLIENT_SECRET:}
    namespace: ${FACEBOOK_NAMESPACE:}

google:
  login:
    clientId: ${GOOGLE_CLIENT_ID:}

linkedin:
  login:
    clientId: ${LINKEDIN_CLIENT_ID:}
    clientSecret: ${LINKEDIN_CLIENT_SECRET:}
    redirect_uri: http://localhost:4200/login/linkedin
    user_info_url: https://api.linkedin.com/v2/me
    user_email: https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))
    access_token_url: https://www.linkedin.com/uas/oauth2/accessToken

twitter:
  login:
    clientId: ${TWITTER_CLIENT_ID:}
    clientSecret: ${TWITTER_CLIENT_SECRET:}
    redirect_uri: http://localhost:4200/login/twitter

b2access:
  externallogin:
    user_info_url: https://b2access-integration.fz-juelich.de:443/oauth2/userinfo
    access_token_url: https://b2access-integration.fz-juelich.de:443/oauth2/token
    redirect_uri: http://opendmp.eu/api/oauth/authorized/b2access
    clientid: ${B2ACCESS_CLIENT_ID:}
    clientSecret: ${B2ACCESS_CLIENT_SECRET:}

zenodo:
  affiliation: ARGOS
  community: argos
  login:
    access_token_url: ${ZENODO_ACCESS_TOKEN_URL:}
    client_id: ${ZENODO_CLIENT_ID:}
    client_secret: ${ZENODO_CLIENT_SECRET:}
    redirect_uri: http://localhost:4200/login/external/zenodo

orcid:
  login:
    client_id: ${ORCID_CLIENT_ID:}
    client_secret: ${ORCID_CLIENT_SECRET:}
    access_token_url: https://orcid.org/oauth/token
    redirect_uri: http://localhost:4200/login/external/orcid

openaire:
  login:
    client_id: ${OPENAIRE_CLIENT_ID:}
    client_secret: ${OPENAIRE_CLIENT_SECRET:}
    access_token_url: ${OPENAIRE_ACCESS_TOKEN_URL:}
    redirect_uri: ${OPENAIRE_REDIRECT_URI:}
    user_info_url: ${OPENAIRE_USER_INFO_URI:}
authn refactor 2023-10-11 16:53:12 +02:00			`web:`
			`security:`
			`enabled: true`
			`authorized-endpoints: [ api ]`
			`allowed-endpoints: [ api/public ]`
			`idp:`
			`api-key:`
			`enabled: true`
			`authorization-header: Authorization`
			`client-id: ${IDP_APIKEY_CLIENT_ID:}`
			`client-secret: ${IDP_APIKEY_CLIENT_SECRET:}`
			`scope: ${IDP_APIKEY_SCOPE:}`
			`resource:`
			`opaque:`
			`client-id: ${IDP_OPAQUE_CLIENT_ID:}`
			`client-secret: ${IDP_OPAQUE_CLIENT_SECRET:}`
			`jwt:`
			`claims: [ role, x-role ]`

Separate configuration to different files 2023-10-10 15:49:48 +02:00			`autouser:`
			`root:`
			`email: ${AUTOUSER_EMAIL:}`
			`username: ${AUTOUSER_USER:}`
			`password: ${AUTOUSER_PASS:}`

			`facebook:`
			`login:`
			`clientId: ${FACEBOOK_CLIENT_ID:}`
			`clientSecret: ${FACEBOOK_CLIENT_SECRET:}`
			`namespace: ${FACEBOOK_NAMESPACE:}`

			`google:`
			`login:`
			`clientId: ${GOOGLE_CLIENT_ID:}`

			`linkedin:`
			`login:`
			`clientId: ${LINKEDIN_CLIENT_ID:}`
			`clientSecret: ${LINKEDIN_CLIENT_SECRET:}`
			`redirect_uri: http://localhost:4200/login/linkedin`
			`user_info_url: https://api.linkedin.com/v2/me`
			`user_email: https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))`
			`access_token_url: https://www.linkedin.com/uas/oauth2/accessToken`

			`twitter:`
			`login:`
			`clientId: ${TWITTER_CLIENT_ID:}`
			`clientSecret: ${TWITTER_CLIENT_SECRET:}`
			`redirect_uri: http://localhost:4200/login/twitter`

			`b2access:`
			`externallogin:`
			`user_info_url: https://b2access-integration.fz-juelich.de:443/oauth2/userinfo`
			`access_token_url: https://b2access-integration.fz-juelich.de:443/oauth2/token`
			`redirect_uri: http://opendmp.eu/api/oauth/authorized/b2access`
			`clientid: ${B2ACCESS_CLIENT_ID:}`
			`clientSecret: ${B2ACCESS_CLIENT_SECRET:}`

			`zenodo:`
			`affiliation: ARGOS`
			`community: argos`
			`login:`
			`access_token_url: ${ZENODO_ACCESS_TOKEN_URL:}`
			`client_id: ${ZENODO_CLIENT_ID:}`
			`client_secret: ${ZENODO_CLIENT_SECRET:}`
			`redirect_uri: http://localhost:4200/login/external/zenodo`

			`orcid:`
			`login:`
			`client_id: ${ORCID_CLIENT_ID:}`
			`client_secret: ${ORCID_CLIENT_SECRET:}`
			`access_token_url: https://orcid.org/oauth/token`
			`redirect_uri: http://localhost:4200/login/external/orcid`

			`openaire:`
			`login:`
			`client_id: ${OPENAIRE_CLIENT_ID:}`
			`client_secret: ${OPENAIRE_CLIENT_SECRET:}`
			`access_token_url: ${OPENAIRE_ACCESS_TOKEN_URL:}`
			`redirect_uri: ${OPENAIRE_REDIRECT_URI:}`
			`user_info_url: ${OPENAIRE_USER_INFO_URI:}`