argos/dmp-backend/web/src/main/resources/config/security.yml

web:
  security:
    enabled: true
    authorized-endpoints: [ api ]
    allowed-endpoints: [ api/public, api/dmp/public, api/description/public, /api/supportive-material/public, api/language/public, api/contact-support/public, api/dashboard/public, prometheus, health, metrics ]
    idp:
      api-key:
        enabled: false
      resource:
        token-type: JWT #| opaque
        jwt:
          claims: [ role, x-role ]
          issuer-uri: ${IDP_ISSUER_URI:}
          audiences: [ "dmp_web" ]
          validIssuer: ${IDP_ISSUER_URI:}