# --- 1. Provider Configuration ---

## GitHub OAuth2 Configuration
# provider = "github"
# client_id = "Ov23liA8Pj1NqKm5HgqR"
# client_secret = "3b5015ef53b81d94ff9414a55be1252508d70795"
# scope = "user:email"
# email_domains = ["*"]  # Allow any email domain (since restriction is handled by github_org)
# github_org = "diukman" # Restrict access to members of this GitHub Organization

## Google OAuth2 Configuration
provider = "google"
client_id = "908518725447-1pbdp071t2b07p66fv0n845n3nrbeu0k.apps.googleusercontent.com"
client_secret = "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"
scope = "openid profile email"

# --- 2. OAuth2 Proxy Configuration ---
upstreams = "static://200"
http_address = "0.0.0.0:4180"
redirect_url = "https://auth.diukman.com/oauth2/callback"

set_xauthrequest = true
# --- 3. Cookie Configuration ---
cookie_secret = "0MuGA07eq7PqfEBQXV_mkRxPsHb4VsuwlEka5A4dExg="
cookie_domains = [ ".diukman.com", "diukman.com" ]
cookie_httponly = true
cookie_secure = true
cookie_samesite = "none"
cookie_expire = "168h" # Cookie expiry time (7 days)

# --- 5. Email Whitelisting ---
authenticated_emails_file = "/etc/allowed_emails.txt"
# --- 6. Domain redirection Whitelisting ---
whitelist_domains = ["*.diukman.com", "diukman.com"]
pass_host_header = true # Pass the Host header from the client to the upstream server