import { SSOConfig, SSOUserData } from '../types/auth.types';
// Every property below is a getter, so process.env is consulted on each access
// instead of once at import time. Values that only appear in the environment
// after secrets are loaded from Google Secret Manager are therefore picked up.

/** Returns the named environment variable, or `fallback` when it is unset or empty. */
function envOr(name: string, fallback: string): string {
  const value = process.env[name];
  return value ? value : fallback;
}

/**
 * SSO / token settings resolved lazily from the environment.
 *
 * NOTE(review): jwtSecret, sessionSecret and the Okta credentials resolve to an
 * empty string when their variable is missing; nothing in this object rejects
 * that. Whether a startup check elsewhere refuses an empty signing or session
 * secret is not visible from here — confirm one exists, otherwise a missing
 * secret degrades silently instead of failing closed.
 */
const ssoConfig: SSOConfig = {
  // Token signing and session settings.
  get jwtSecret(): string {
    return envOr('JWT_SECRET', '');
  },
  get jwtExpiry(): string {
    return envOr('JWT_EXPIRY', '24h');
  },
  get refreshTokenExpiry(): string {
    return envOr('REFRESH_TOKEN_EXPIRY', '7d');
  },
  get sessionSecret(): string {
    return envOr('SESSION_SECRET', '');
  },

  // Allowed origins come only from FRONTEND_URL (comma-separated, trimmed,
  // blank entries dropped). There is no fallback: unset or empty yields [].
  get allowedOrigins(): string[] {
    const raw = process.env.FRONTEND_URL;
    if (raw === undefined) {
      return [];
    }
    return raw
      .split(',')
      .map((origin) => origin.trim())
      .filter(Boolean);
  },

  // Okta/Auth0 configuration for token exchange.
  get oktaDomain(): string {
    return envOr('OKTA_DOMAIN', '{{IDP_DOMAIN}}');
  },
  get oktaClientId(): string {
    return envOr('OKTA_CLIENT_ID', '');
  },
  get oktaClientSecret(): string {
    return envOr('OKTA_CLIENT_SECRET', '');
  },
  // SSWS token for Users API.
  get oktaApiToken(): string {
    return envOr('OKTA_API_TOKEN', '');
  },

  // Tanflow configuration for token exchange.
  get tanflowBaseUrl(): string {
    return envOr('TANFLOW_BASE_URL', '{{IDP_DOMAIN}}/realms/RE');
  },
  get tanflowClientId(): string {
    return envOr('TANFLOW_CLIENT_ID', 'REFLOW');
  },
  // NOTE(review): unlike oktaClientSecret, this secret falls back to a literal
  // default in source rather than ''. A client secret should come only from
  // the environment / secret manager; confirm no real credential is committed
  // here and consider aligning the default with the other secrets.
  get tanflowClientSecret(): string {
    return envOr('TANFLOW_CLIENT_SECRET', '{{TANFLOW_CLIENT_SECRET}}');
  },
};
export { ssoConfig };
export type { SSOUserData };