Class tigrbl_auth.runtime_cfg.Settings
tigrbl_auth.runtime_cfg.Settings
Bases: BaseSettings
redis_url_env
class-attribute
instance-attribute
redis_url_env = Field(default=get('REDIS_URL'))
redis_host
class-attribute
instance-attribute
redis_host = Field(default=get('REDIS_HOST'))
redis_port
class-attribute
instance-attribute
redis_port = Field(default=int(get('REDIS_PORT', '6379')))
redis_db
class-attribute
instance-attribute
redis_db = Field(default=int(get('REDIS_DB', '0')))
redis_password
class-attribute
instance-attribute
redis_password = Field(default=get('REDIS_PASSWORD'))
redis_url
property
redis_url
Return a valid Redis connection URL.
pg_dsn_env
class-attribute
instance-attribute
pg_dsn_env = Field(
default=get("POSTGRES_URL") or get("PG_DSN")
)
pg_host
class-attribute
instance-attribute
pg_host = Field(default=get('PG_HOST'))
pg_port
class-attribute
instance-attribute
pg_port = Field(default=int(get('PG_PORT', '5432')))
pg_db
class-attribute
instance-attribute
pg_db = Field(default=get('PG_DB'))
pg_user
class-attribute
instance-attribute
pg_user = Field(default=get('PG_USER'))
pg_pass
class-attribute
instance-attribute
pg_pass = Field(default=get('PG_PASS'))
async_fallback_db
class-attribute
instance-attribute
async_fallback_db = Field(default=get('ASYNC_FALLBACK_DB'))
pg_dsn
property
pg_dsn
apg_dsn
property
apg_dsn
jwt_secret
class-attribute
instance-attribute
jwt_secret = Field(get("JWT_SECRET", "insecure-dev-secret"))
log_level
class-attribute
instance-attribute
log_level = Field(get('LOG_LEVEL', 'INFO'))
id_token_encryption_key
class-attribute
instance-attribute
id_token_encryption_key = Field(
default=get("TIGRBL_AUTH_ID_TOKEN_ENC_KEY", "0" * 32),
description="Symmetric key for ID Token encryption",
)
enable_id_token_encryption
class-attribute
instance-attribute
enable_id_token_encryption = Field(
default=lower() in {"1", "true", "yes"},
description="Encrypt ID Tokens using JWE when enabled",
)
require_tls
class-attribute
instance-attribute
require_tls = Field(
default=lower() in {"1", "true", "yes"},
description="Require HTTPS for all incoming requests",
)
rfc8707_enabled
class-attribute
instance-attribute
rfc8707_enabled = Field(
default=get("TIGRBL_AUTH_ENABLE_RFC8707", "0") == "1"
)
enable_rfc8705
class-attribute
instance-attribute
enable_rfc8705 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable OAuth 2.0 Mutual-TLS client authentication per RFC 8705",
)
enable_rfc8725
class-attribute
instance-attribute
enable_rfc8725 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JSON Web Token Best Current Practices per RFC 8725",
)
enable_rfc7636
class-attribute
instance-attribute
enable_rfc7636 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Proof Key for Code Exchange per RFC 7636",
)
enable_rfc7638
class-attribute
instance-attribute
enable_rfc7638 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JWK Thumbprint per RFC 7638",
)
enable_rfc7800
class-attribute
instance-attribute
enable_rfc7800 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Proof-of-Possession semantics per RFC 7800",
)
enforce_rfc8252
class-attribute
instance-attribute
enforce_rfc8252 = Field(
default=lower() in {"1", "true", "yes"},
description="Validate redirect URIs according to RFC 8252",
)
enable_rfc8291
class-attribute
instance-attribute
enable_rfc8291 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Message Encryption for Web Push per RFC 8291",
)
enable_rfc8812
class-attribute
instance-attribute
enable_rfc8812 = Field(
default=lower() in {"1", "true", "yes"},
description=(
"Enable WebAuthn algorithm registrations per RFC 8812",
),
)
enable_rfc8037
class-attribute
instance-attribute
enable_rfc8037 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable CFRG EdDSA algorithms per RFC 8037",
)
enable_rfc8176
class-attribute
instance-attribute
enable_rfc8176 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Authentication Method Reference validation per RFC 8176",
)
enable_rfc7662
class-attribute
instance-attribute
enable_rfc7662 = Field(
default=lower() in {"1", "true", "yes"}
)
enable_rfc9449
class-attribute
instance-attribute
enable_rfc9449 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable OAuth 2.0 Demonstrating Proof of Possession (DPoP) per RFC 9449",
)
enable_dpop
property
enable_dpop
Alias for backward compatibility.
enable_rfc9396
class-attribute
instance-attribute
enable_rfc9396 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable OAuth 2.0 Rich Authorization Requests per RFC 9396",
)
enable_rfc9101
class-attribute
instance-attribute
enable_rfc9101 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JWT-Secured Authorization Request per RFC 9101",
)
enable_rfc7009
class-attribute
instance-attribute
enable_rfc7009 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable OAuth 2.0 Token Revocation per RFC 7009",
)
enable_rfc8414
class-attribute
instance-attribute
enable_rfc8414 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable OAuth 2.0 Authorization Server Metadata per RFC 8414",
)
enable_rfc9207
class-attribute
instance-attribute
enable_rfc9207 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Authorization Server Issuer Identification per RFC 9207",
)
enable_rfc8523
class-attribute
instance-attribute
enable_rfc8523 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JWT Profile for OAuth 2.0 Client Authentication per RFC 8523",
)
enable_rfc7952
class-attribute
instance-attribute
enable_rfc7952 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Security Event Token (SET) per RFC 7952",
)
enable_rfc8693
class-attribute
instance-attribute
enable_rfc8693 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable OAuth 2.0 Token Exchange per RFC 8693",
)
enable_rfc8932
class-attribute
instance-attribute
enable_rfc8932 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Enhanced Authorization Server Metadata per RFC 8932",
)
enable_rfc9126
class-attribute
instance-attribute
enable_rfc9126 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Pushed Authorization Requests per RFC 9126",
)
enable_rfc9068
class-attribute
instance-attribute
enable_rfc9068 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JWT Profile for OAuth 2.0 Access Tokens per RFC 9068",
)
enable_rfc6750
class-attribute
instance-attribute
enable_rfc6750 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Bearer Token Usage per RFC 6750",
)
enable_rfc6750_query
class-attribute
instance-attribute
enable_rfc6750_query = Field(
default=lower() in {"1", "true", "yes"},
description="Allow access_token as URI query parameter per RFC 6750 §2.3",
)
enable_rfc6750_form
class-attribute
instance-attribute
enable_rfc6750_form = Field(
default=lower() in {"1", "true", "yes"},
description="Allow access_token in application/x-www-form-urlencoded bodies per RFC 6750 §2.2",
)
enable_rfc6749
class-attribute
instance-attribute
enable_rfc6749 = Field(
default=lower() in {"1", "true", "yes"},
description="Enforce core OAuth 2.0 error handling per RFC 6749",
)
enable_rfc8628
class-attribute
instance-attribute
enable_rfc8628 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Device Authorization Grant per RFC 8628",
)
enable_rfc7515
class-attribute
instance-attribute
enable_rfc7515 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JSON Web Signature per RFC 7515",
)
enable_rfc7516
class-attribute
instance-attribute
enable_rfc7516 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JSON Web Encryption per RFC 7516",
)
enable_rfc7517
class-attribute
instance-attribute
enable_rfc7517 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JSON Web Key per RFC 7517",
)
enable_rfc7518
class-attribute
instance-attribute
enable_rfc7518 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JSON Web Algorithms per RFC 7518",
)
enable_rfc7519
class-attribute
instance-attribute
enable_rfc7519 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JSON Web Token per RFC 7519",
)
enable_rfc7520
class-attribute
instance-attribute
enable_rfc7520 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JOSE examples per RFC 7520",
)
enable_rfc7591
class-attribute
instance-attribute
enable_rfc7591 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable OAuth 2.0 Dynamic Client Registration per RFC 7591",
)
enable_rfc7592
class-attribute
instance-attribute
enable_rfc7592 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable OAuth 2.0 Client Registration Management per RFC 7592",
)
enable_rfc7521
class-attribute
instance-attribute
enable_rfc7521 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable Assertion Framework for OAuth 2.0 per RFC 7521",
)
enable_rfc7523
class-attribute
instance-attribute
enable_rfc7523 = Field(
default=lower() in {"1", "true", "yes"},
description="Enable JWT Profile for OAuth 2.0 per RFC 7523",
)
model_config
class-attribute
instance-attribute
model_config = SettingsConfigDict(env_file=None)