• Core
  • Environment Variables

Authorizer Environment Variables

Authorizer server supports the following environment variables

VariableDescriptionRequiredDefault Value
ENVWhich env you are running your server in. Supported envs production, developmenttrueproduction
ADMIN_SECRETSuper admin secret used to access the master datatrue
DATABASE_TYPEWhich database you are using. Supported database types are postgres, mysql, planetscale, sqlite, sqlserver, mongodb, arangodb, yugabyte, mariadb, cassandradb, scylladb, couchbase, dynamodbtrue
DATABASE_URLDatabase connection string. In case of cluster url eg. for cassandra db, you can use comma separated IPs.true
DATABASE_NAMEName of database to connect to. This is useful in case of arangodb and mongodb. If not set, default value will be usedfalseauthorizer
DATABASE_PORTPort on which database connection should be made. This is used when DATABASE_URL is not mentioned. At the moment supported by cassandradb typefalse
DATABASE_HOSTHost/IP on which database connection should be made. This is used when DATABASE_URL is not mentioned. At the moment supported by cassandradb typefalse
DATABASE_USERNAMEUsername for the database access with permission to create tables and records. At the moment supported by cassandradb, scylladb typefalse
DATABASE_PASSWORDPassword for the database access with permission to create tables and records. At the moment supported by cassandradb, scylladb typefalse
DATABASE_CERTBase64 encoded certificate string used to make SSL connection. At the moment supported by cassandradb,scylladb typefalse
DATABASE_CERT_KEYBase64 encoded key string used to make SSL connection. At the moment supported by cassandradb,scylladb typefalse
DATABASE_CA_CERTBase64 encoded CA certificate string used to make SSL connection. At the moment supported by cassandradb, scylladb typefalse
PORTPort on which server should be runningtrue8080
AUTHORIZER_URLDomain name of the server, eg https://authorizer.herokuapp.comfalse
REDIS_URLRedis URL where sessions can be persistedfalsesessions will be stored in memory
COOKIE_NAMEName of cookie to be set by servertrueauthorizer
SMTP_HOSTSMTP host is used to send email verification emails and forgot password emailsfalseIf not set email sending can fail
SMTP_PORTSMTP Port is used along with SMTP hostfalse
SMTP_USERNAMEUsername for your smtp providerfalse
SMTP_PASSWORDPassword for your smt providerfalse
SENDER_EMAILEmail to be used in From section while sending emailsfalse
RESET_PASSWORD_URLReset password link, that can be used to send the correct forgot password linktrue/reset-password
DISABLE_BASIC_AUTHENTICATIONUsed to explicitly disable email and password based authenticationfalsefalse
DISABLE_EMAIL_VERIFICATIONUsed to disable the email verification while signing upfalsefalse
DISABLE_MAGIC_LINK_LOGINUsed to disable the password less login upfalsefalse
DISABLE_LOGIN_PAGEUsed to disable the default login page that comes with authorizer instance. This is helpful when user is building their custom login pagefalsefalse
DISABLE_SIGN_UPUsed to disable the sign up feature. It is useful when you want to have beta release of your product and invite only limited usersfalsefalse
ROLESComma separated list of roles that your platform supportstrueuser,admin
DEFAULT_ROLESComma separated list of roles that acts as Default roles which you would like to assign to users while they signup /logintrue[user]
PROTECTED_ROLESComma separated list of roles for which signup should be disabled. Example admin roles. This roles can only assigned manually via super admin like adminUpdateProfile.false
JWT_ROLE_CLAIMClaim key that will be part of JWT tokentruerole
ORGANIZATION_NAMEName of organization that you want on default login pagefalseAuthorizer
ORGANIZATION_LOGOLogo of organization that you want on default login pagefalseAuthorizer Logo
CUSTOM_ACCESS_TOKEN_SCRIPTJavascript function to add extra keys to your JWT id token. This feature is developed using otto and only supports writing function in ES5. Check the sample here.false
ACCESS_TOKEN_EXPIRY_TIMETime interval for how long access token will be expired in 1h15m15s formatfalse30m
AWS_REGIONAWS, region id, where dynamod db tables are to be created. Used with DATABASE_TYPE=dynamodb.false-
AWS_ACCESS_KEY_IDAWS access key used for connecting to dynamodb. Make sure access credentials has rights for dynamodb. Used with DATABASE_TYPE=dynamodbfalse-
AWS_SECRET_ACCESS_KEYAWS secret access key used for connecting to dynamodb. Make sure access credentials has rights for dynamodb. Used with DATABASE_TYPE=dynamodbfalse-
COUCHBASE_BUCKETBucket used for couchbase database. Used with DATABASE_TYPE=couchbasefalseauthorizer
COUCHBASE_BUCKET_RAM_QUOTARAM Quota for the bucket used for couchbase database. It has to be numeric value only. Used with DATABASE_TYPE=couchbase.false1000
COUCHBASE_SCOPEScope in which bucket is created. Used with DATABASE_TYPE=couchbase.false_default
GOOGLE_CLIENT_IDOAuth Google login client idfalse
GOOGLE_CLIENT_SECRETOAuth Google login client secretfalse
GITHUB_CLIENT_IDOAuth Github login client idfalse
GITHUB_CLIENT_SECRETOAuth Github login client secretfalse
FACEBOOK_CLIENT_IDOAuth Facebook login client idfalse
FACEBOOK_CLIENT_SECRETOAuth Facebook login client secretfalse
LINKEDIN_CLIENT_IDOAuth LinkedIn login client idfalse
LINKEDIN_CLIENT_SECRETOAuth LinkedIn login client secretfalse
APPLE_CLIENT_IDOAuth Apple login client idfalse
APPLE_CLIENT_SECRETOAuth Apple login client secretfalse
TWITTER_CLIENT_IDOAuth Twitter login client idfalse
TWITTER_CLIENT_SECRETOAuth Twitter login client secretfalse
MICROSOFT_CLIENT_IDOAuth Microsoft login client idfalse
MICROSOFT_CLIENT_SECRETOAuth Microsoft login client secretfalse
MICROSOFT_ACTIVE_DIRECTORY_TENANT_IDMicrosoft Active Directory Tenant ID obtained from azure portalfalse

It is expected for this variable to be present as system env or .env at the root of project. You can also pass env_file as command line argument. Example:

make && ./build/server --env_file=.env.local
Last updated on February 26, 2023