Authorizer Environment Variables

Authorizer server supports the following environment variables

VariableDescriptionRequiredDefault Value
ENVWhich env you are running your server in. Supported envs production, developmenttrueproduction
ADMIN_SECRETSuper admin secret used to access the master datatrue
DATABASE_TYPEWhich database you are using. Supported database types are postgres, mysql, sqlite, sqlserver, mongodb,arangodb, yugabyte, mariadb, cassandradb ,scylladbtrue
DATABASE_URLDatabase connection string. In case of cluster url eg. for cassandra db, you can use comman separated IPs.true
DATABASE_NAMEName of database to connect to. This is useful in case of arangodb and mongodb. If not set, default value will be usedfalseauthorizer
DATABASE_PORTPort on which database connection should be made. This is used when DATABASE_URL is not mentioned. At the moment supported by cassandradb typefalse
DATABASE_HOSTHost/IP on which database connection should be made. This is used when DATABASE_URL is not mentioned. At the moment supported by cassandradb typefalse
DATABASE_USERNAMEUsername for the database access with permission to create tables and records. At the moment supported by cassandradb,scylladb typefalse
DATABASE_PASSWORDPassword for the database access with permission to create tables and records. At the moment supported by cassandradb,scylladb typefalse
DATABASE_CERTBase64 encoded certificate string used to make SSL connection. At the moment supported by cassandradb,scylladb typefalse
DATABASE_CERT_KEYBase64 encoded key string used to make SSL connection. At the moment supported by cassandradb,scylladb typefalse
DATABASE_CA_CERTBase64 encoded CA certificate string used to make SSL connection. At the moment supported by cassandradb,scylladb typefalse
PORTPort on which server should be runningtrue8080
AUTHORIZER_URLDomain name of the server, eg https://authorizer.herokuapp.comfalse
REDIS_URLRedis URL where sessions can be persistedfalsesessions will be stored in memory
COOKIE_NAMEName of cookie to be set by servertrueauthorizer
SMTP_HOSTSMTP host is used to send email verification emails and forgot password emailsfalseIf not set email sending can fail
SMTP_PORTSMTP Port is used along with SMTP hostfalse
SMTP_USERNAMEUsername for your smtp providerfalse
SMTP_PASSWORDPassword for your smt providerfalse
SENDER_EMAILEmail to be used in From section while sending emailsfalse
GOOGLE_CLIENT_IDOAuth Google login client idfalse
GOOGLE_CLIENT_SECRETOAuth Google login client secretfalse
GITHUB_CLIENT_IDOAuth Github login client idfalse
GITHUB_CLIENT_SECRETOAuth Github login client secretfalse
FACEBOOK_CLIENT_IDOAuth Facebook login client idfalse
FACEBOOK_CLIENT_SECRETOAuth Facebook login client secretfalse
RESET_PASSWORD_URLReset password link, that can be used to send the correct forgot password linktrue/reset-password
DISABLE_BASIC_AUTHENTICATIONUsed to explicitly disable email and password based authenticationfalsefalse
DISABLE_EMAIL_VERIFICATIONUsed to disable the email verification while signing upfalsefalse
DISABLE_MAGIC_LINK_LOGINUsed to disable the password less login upfalsefalse
DISABLE_LOGIN_PAGEUsed to disable the default login page that comes with authorizer instance. This is helpful when user is building their custom login pagefalsefalse
DISABLE_SIGN_UPUsed to disable the sing up feature. It is useful when you want to have beta release of your product and invite only limited usersfalsefalse
ROLESComma separated list of roles that your platform supportstrueuser,admin
DEFAULT_ROLESComma separated list of roles that acts as Default roles which you would like to assign to users while they signup /logintrue[user]
PROTECTED_ROLESComma separated list of roles for which signup should be disabled. Example admin roles. This roles can only assigned manually via super admin like adminUpdateProfile.false
JWT_ROLE_CLAIMClaim key that will be part of JWT tokentruerole
ORGANIZATION_NAMEName of organization that you want on default login pagefalseAuthorizer
ORGANIZATION_LOGOLogo of organization that you want on default login pagefalseAuthorizer Logo
CUSTOM_ACCESS_TOKEN_SCRIPTJavascript function to add extra keys to your JWT access token. This feature is developed using otto and only supports writing function in ES5. Check the sample here.false
ACCESS_TOKEN_EXPIRY_TIMETime interval for how long access token will be expired in 1h15m15s formatfalse30m

It is expected for this variable to be present as system env or .env at the root of project. You can also pass env_file as command line argument. Example:

make && ./build/server --env_file=.env.local