diff --git a/porchlight.dev.toml b/porchlight.dev.toml
new file mode 100644
index 0000000..f5dd782
--- /dev/null
+++ b/porchlight.dev.toml
@@ -0,0 +1,29 @@
+# Porchlight OIDC Provider Configuration
+#
+# Copy this file to porchlight.toml and edit to suit your deployment.
+# Environment variables (OIDC_OP_*) override values set here.
+# To use a different path: export OIDC_OP_CONFIG_FILE=/path/to/config.toml
+
+issuer = "https://auth.example.com"
+
+# debug = false
+# session_secret = "generate-a-random-string-here"
+# sqlite_path = "data/oidc_op.db"
+# signing_key_path = "data/keys"
+# invite_ttl = 86400
+
+# Register OIDC Relying Party clients below.
+# Each [clients.<client-id>] section defines one client.
+
+# [clients.my-webapp]
+# client_secret = "change-me-to-a-long-random-string"
+# redirect_uris = ["https://app.example.com/callback"]
+# response_types = ["code"]
+# scope = ["openid", "profile", "email"]
+# token_endpoint_auth_method = "client_secret_basic"
+[clients.showcase-rp]
+client_secret = "client-secret-in-dev"
+redirect_uris = ["http://localhost:9000/callback"]
+response_types = ["code"]
+scope = ["openid", "profile", "email", "offline_access"]
+token_endpoint_auth_method = "client_secret_basic"