Authorizer Environment Variables
The Authorizer server supports the following environment variables:
Variable | Description | Required | Default Value |
---|---|---|---|
ENV | Environment the server is running in. Supported values: production, development | true | production |
ADMIN_SECRET | Super admin secret used to access the master data | true | |
DATABASE_TYPE | Which database you are using. Supported database types are postgres, mysql, planetscale, sqlite, sqlserver, mongodb, arangodb, yugabyte, mariadb, cassandradb, scylladb, couchbase, dynamodb | true | |
DATABASE_URL | Database connection string. For a cluster URL, e.g. for Cassandra DB, you can use comma separated IPs. | true | |
DATABASE_NAME | Name of the database to connect to. This is useful in the case of arangodb and mongodb. If not set, the default value will be used | false | authorizer |
DATABASE_PORT | Port on which the database connection should be made. This is used when DATABASE_URL is not set. At the moment supported by the cassandradb type | false | |
DATABASE_HOST | Host/IP on which the database connection should be made. This is used when DATABASE_URL is not set. At the moment supported by the cassandradb type | false | |
DATABASE_USERNAME | Username for database access, with permission to create tables and records. At the moment supported by the cassandradb and scylladb types | false | |
DATABASE_PASSWORD | Password for database access, with permission to create tables and records. At the moment supported by the cassandradb and scylladb types | false | |
DATABASE_CERT | Base64 encoded certificate string used to make an SSL connection. At the moment supported by the cassandradb and scylladb types | false | |
DATABASE_CERT_KEY | Base64 encoded key string used to make an SSL connection. At the moment supported by the cassandradb and scylladb types | false | |
DATABASE_CA_CERT | Base64 encoded CA certificate string used to make an SSL connection. At the moment supported by the cassandradb and scylladb types | false | |
PORT | Port on which server should be running | true | 8080 |
AUTHORIZER_URL | Domain name of the server, e.g. https://authorizer.herokuapp.com | false | |
REDIS_URL | Redis URL where sessions can be persisted | false | sessions will be stored in memory |
COOKIE_NAME | Name of cookie to be set by server | true | authorizer |
SMTP_HOST | SMTP host is used to send email verification emails and forgot password emails | false | If not set email sending can fail |
SMTP_PORT | SMTP Port is used along with SMTP host | false | |
SMTP_USERNAME | Username for your smtp provider | false | |
SMTP_PASSWORD | Password for your SMTP provider | false | |
SENDER_EMAIL | Email to be used in From section while sending emails | false | |
SENDER_NAME | Email sender name that is displayed in the inbox instead of just showing the email address | false | |
RESET_PASSWORD_URL | Reset password link, that can be used to send the correct forgot password link | true | /reset-password |
DISABLE_BASIC_AUTHENTICATION | Used to explicitly disable email and password based authentication | false | false |
DISABLE_EMAIL_VERIFICATION | Used to disable the email verification while signing up | false | false |
DISABLE_MAGIC_LINK_LOGIN | Used to disable passwordless login | false | false |
DISABLE_LOGIN_PAGE | Used to disable the default login page that comes with the Authorizer instance. This is helpful when a user is building their own custom login page | false | false |
DISABLE_SIGN_UP | Used to disable the sign up feature. This is useful when you want a beta release of your product and want to invite only a limited set of users | false | false |
DISABLE_PLAYGROUND | To disable playground | false | true |
ROLES | Comma separated list of roles that your platform supports | true | user,admin |
DEFAULT_ROLES | Comma separated list of roles that act as default roles, assigned to users when they sign up or log in | true | [user] |
PROTECTED_ROLES | Comma separated list of roles for which signup should be disabled, for example admin roles. These roles can only be assigned manually via super admin operations such as adminUpdateProfile. | false | |
JWT_ROLE_CLAIM | Claim key that will be part of JWT token | true | role |
ORGANIZATION_NAME | Name of organization that you want on default login page | false | Authorizer |
ORGANIZATION_LOGO | Logo of organization that you want on default login page | false | Authorizer Logo |
CUSTOM_ACCESS_TOKEN_SCRIPT | JavaScript function that adds extra keys to your JWT id token. This feature is built on otto and only supports functions written in ES5. Check the sample here. | false | |
ACCESS_TOKEN_EXPIRY_TIME | Time interval after which the access token expires, in 1h15m15s format | false | 30m |
AWS_REGION | AWS region id where the DynamoDB tables are to be created. Used with DATABASE_TYPE=dynamodb. | false | - |
AWS_ACCESS_KEY_ID | AWS access key used for connecting to DynamoDB. Make sure the access credentials have rights for DynamoDB. Used with DATABASE_TYPE=dynamodb | false | - |
AWS_SECRET_ACCESS_KEY | AWS secret access key used for connecting to DynamoDB. Make sure the access credentials have rights for DynamoDB. Used with DATABASE_TYPE=dynamodb | false | - |
COUCHBASE_BUCKET | Bucket used for couchbase database. Used with DATABASE_TYPE=couchbase | false | authorizer |
COUCHBASE_BUCKET_RAM_QUOTA | RAM quota for the bucket used for the couchbase database. It has to be a numeric value only. Used with DATABASE_TYPE=couchbase. | false | 1000 |
COUCHBASE_SCOPE | Scope in which the bucket is created. Used with DATABASE_TYPE=couchbase. | false | _default |
GOOGLE_CLIENT_ID | OAuth Google login client id | false | |
GOOGLE_CLIENT_SECRET | OAuth Google login client secret | false | |
GITHUB_CLIENT_ID | OAuth Github login client id | false | |
GITHUB_CLIENT_SECRET | OAuth Github login client secret | false | |
FACEBOOK_CLIENT_ID | OAuth Facebook login client id | false | |
FACEBOOK_CLIENT_SECRET | OAuth Facebook login client secret | false | |
LINKEDIN_CLIENT_ID | OAuth LinkedIn login client id | false | |
LINKEDIN_CLIENT_SECRET | OAuth LinkedIn login client secret | false | |
APPLE_CLIENT_ID | OAuth Apple login client id | false | |
APPLE_CLIENT_SECRET | OAuth Apple login client secret | false | |
TWITTER_CLIENT_ID | OAuth Twitter login client id | false | |
TWITTER_CLIENT_SECRET | OAuth Twitter login client secret | false | |
MICROSOFT_CLIENT_ID | OAuth Microsoft login client id | false | |
MICROSOFT_CLIENT_SECRET | OAuth Microsoft login client secret | false | |
MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID | Microsoft Active Directory Tenant ID obtained from the Azure portal | false | |
These variables are expected to be present as system environment variables or in a .env file at the root of the project. You can also pass env_file as a command line argument. Example:
make && ./build/server --env_file=.env.local
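
A pre-flight check for the file passed via --env_file, added here as an example and not part of Authorizer: it tests only what the table states (variables marked required with no default, the supported ENV and DATABASE_TYPE values, the ROLES and DEFAULT_ROLES defaults) and reads plain KEY=VALUE lines from the file, not the system environment. The function names and the rule that a protected role must not also be a default role are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Authorizer code: pre-flight check of an env file.

# env_get FILE KEY [DEFAULT]: print the last value assigned to KEY (one pair of
# surrounding quotes removed), or DEFAULT when KEY is missing or empty.
env_get() {
  awk -v k="$2" -v d="$3" -v sq="'" '
    /^[ \t]*#/ { next }
    { i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (key != k) next
      v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
      c = substr(v, 1, 1)
      if (length(v) > 1 && (c == "\"" || c == sq) && substr(v, length(v)) == c)
        v = substr(v, 2, length(v) - 2) }
    END { print (v == "" ? d : v) }' "$1"
}

# in_list ITEM LIST: succeed when ITEM is an entry of the comma separated LIST.
in_list() { case ",$2," in *",$1,"*) return 0 ;; esac; return 1; }
fail() { echo "$f: $1"; bad=1; }
DB_TYPES=postgres,mysql,planetscale,sqlite,sqlserver,mongodb,arangodb,yugabyte,mariadb,cassandradb,scylladb,couchbase,dynamodb

# check_env_file FILE: print one line per problem; return 0 only when there are none.
check_env_file() {
  f=$1; bad=0
  for k in ADMIN_SECRET DATABASE_TYPE DATABASE_URL; do  # required, no default in the table
    [ -n "$(env_get "$f" "$k")" ] || fail "$k is required but not set"
  done
  mode=$(env_get "$f" ENV production); db=$(env_get "$f" DATABASE_TYPE)
  in_list "$mode" production,development || fail "ENV=$mode is not supported"
  [ -z "$db" ] || in_list "$db" "$DB_TYPES" || fail "DATABASE_TYPE=$db is not supported"
  roles=$(env_get "$f" ROLES user,admin | tr -d ' ')
  defaults=$(env_get "$f" DEFAULT_ROLES user | tr -d ' ')
  protected=$(env_get "$f" PROTECTED_ROLES | tr -d ' ')
  for r in $(echo "$defaults" | tr ',' ' '); do
    in_list "$r" "$roles" || fail "default role $r is not listed in ROLES"
    # Assumption of this example: a protected role should never be a signup default.
    if in_list "$r" "$protected"; then fail "role $r is both default and protected"; fi
  done
  return "$bad"
}

# Constructed sample: no ADMIN_SECRET, unsupported database type, admin given at signup.
sample=$(mktemp)
printf '%s\n' ENV=production DATABASE_TYPE=oracle 'DATABASE_URL="data.db"' \
  ROLES=user,admin DEFAULT_ROLES=user,admin PROTECTED_ROLES=admin > "$sample"
check_env_file "$sample" || echo "not starting the server"
rm -f "$sample"
```

To gate startup on the check, run it first, for example `check_env_file .env.local && ./build/server --env_file=.env.local`.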