docs: add example config file and update README

Johan Lundberg 2026-02-18 12:54:43 +01:00
parent eeb09321e2
commit 8c91edf137
No known key found for this signature in database
GPG key ID: A6C152738D03C7D1
2 changed files with 59 additions and 1 deletions

@ -82,7 +82,9 @@ uv run porchlight initial-admin admin --group admin --group superusers
### Configuration
All settings are read from environment variables with the `OIDC_OP_` prefix:
All settings are read from environment variables with the `OIDC_OP_` prefix.
Settings can also be provided via a TOML config file (see below). Environment
variables always take priority over file values.
| Variable | Default | Description |
|---|---|---|
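Review bot: The new precedence sentence ("Environment variables always take priority over file values") does not say where built-in defaults sit, and the table below still has only a `Variable` column. Consider stating the full order explicitly (environment, then file, then defaults). Also note that the file key is the variable name without the `OIDC_OP_` prefix, so that a reader of the table can map `OIDC_OP_INVITE_TTL` to its file key without scrolling to the later section. The "(see below)" reference would be more robust as a link to the "Configuration file" heading.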
@ -93,9 +95,42 @@ All settings are read from environment variables with the `OIDC_OP_` prefix:
| `OIDC_OP_SIGNING_KEY_PATH` | `data/keys` | OIDC signing key storage |
| `OIDC_OP_INVITE_TTL` | `86400` | Magic link expiry in seconds |
| `OIDC_OP_MANAGE_CLIENT_ID` | `manage-app` | Client ID for the management UI |
| `OIDC_OP_CONFIG_FILE` | `porchlight.toml` | Path to TOML config file |
Database migrations run automatically on startup.
### Configuration file
Copy `porchlight.example.toml` to `porchlight.toml` and edit to suit your
deployment. The file supports all the same settings as environment variables
(without the `OIDC_OP_` prefix), plus OIDC client registrations.
```toml
issuer = "https://auth.example.com"
session_secret = "your-random-secret"
[clients.my-webapp]
client_secret = "change-me-to-a-long-random-string"
redirect_uris = ["https://app.example.com/callback"]
response_types = ["code"]
scope = ["openid", "profile", "email"]
token_endpoint_auth_method = "client_secret_basic"
```
Each `[clients.<client-id>]` section registers an OIDC Relying Party on
startup. Only `client_secret` and `redirect_uris` are required; the other
fields have sensible defaults (`response_types = ["code"]`,
`scope = ["openid"]`, `token_endpoint_auth_method = "client_secret_basic"`).
To use a config file at a different path:
```bash
export OIDC_OP_CONFIG_FILE=/etc/porchlight/config.toml
```
If the config file does not exist, it is silently ignored and all settings
fall back to environment variables and defaults.
## Development Setup
### Prerequisites
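Review bot: The closing paragraph documents that a missing config file "is silently ignored", which also covers the case where `OIDC_OP_CONFIG_FILE` was set explicitly to a mistyped path. The service would then start on environment variables and defaults with none of the `[clients.*]` registrations, and nothing would tell the operator. Consider documenting (and implementing) a hard error or at least a startup warning when the variable is set explicitly and the file is absent, keeping the silent fallback only for the default `porchlight.toml`. Separately, the example stores `session_secret` and `client_secret` in plain text with the placeholders "your-random-secret" and "change-me-to-a-long-random-string". The section should say that `porchlight.toml` must be readable only by the service user and kept out of version control, and should show how to generate a suitable random value so the placeholders are not deployed as-is.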