Class tigrbl_auth.runtime_cfg.Settings

tigrbl_auth.runtime_cfg.Settings

Bases: BaseSettings

redis_url_env class-attribute instance-attribute

redis_url_env = Field(default=get('REDIS_URL'))

redis_host class-attribute instance-attribute

redis_host = Field(default=get('REDIS_HOST'))

redis_port class-attribute instance-attribute

redis_port = Field(default=int(get('REDIS_PORT', '6379')))

redis_db class-attribute instance-attribute

redis_db = Field(default=int(get('REDIS_DB', '0')))

redis_password class-attribute instance-attribute

redis_password = Field(default=get('REDIS_PASSWORD'))

redis_url property

redis_url

Return a valid Redis connection URL.

pg_dsn_env class-attribute instance-attribute

pg_dsn_env = Field(
    default=get("POSTGRES_URL") or get("PG_DSN")
)

pg_host class-attribute instance-attribute

pg_host = Field(default=get('PG_HOST'))

pg_port class-attribute instance-attribute

pg_port = Field(default=int(get('PG_PORT', '5432')))

pg_db class-attribute instance-attribute

pg_db = Field(default=get('PG_DB'))

pg_user class-attribute instance-attribute

pg_user = Field(default=get('PG_USER'))

pg_pass class-attribute instance-attribute

pg_pass = Field(default=get('PG_PASS'))

async_fallback_db class-attribute instance-attribute

async_fallback_db = Field(default=get('ASYNC_FALLBACK_DB'))

pg_dsn property

pg_dsn

apg_dsn property

apg_dsn

jwt_secret class-attribute instance-attribute

jwt_secret = Field(get("JWT_SECRET", "insecure-dev-secret"))

log_level class-attribute instance-attribute

log_level = Field(get('LOG_LEVEL', 'INFO'))

id_token_encryption_key class-attribute instance-attribute

id_token_encryption_key = Field(
    default=get("TIGRBL_AUTH_ID_TOKEN_ENC_KEY", "0" * 32),
    description="Symmetric key for ID Token encryption",
)

enable_id_token_encryption class-attribute instance-attribute

enable_id_token_encryption = Field(
    default=lower() in {"1", "true", "yes"},
    description="Encrypt ID Tokens using JWE when enabled",
)

require_tls class-attribute instance-attribute

require_tls = Field(
    default=lower() in {"1", "true", "yes"},
    description="Require HTTPS for all incoming requests",
)

rfc8707_enabled class-attribute instance-attribute

rfc8707_enabled = Field(
    default=get("TIGRBL_AUTH_ENABLE_RFC8707", "0") == "1"
)

enable_rfc8705 class-attribute instance-attribute

enable_rfc8705 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable OAuth 2.0 Mutual-TLS client authentication per RFC 8705",
)

enable_rfc8725 class-attribute instance-attribute

enable_rfc8725 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JSON Web Token Best Current Practices per RFC 8725",
)

enable_rfc7636 class-attribute instance-attribute

enable_rfc7636 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Proof Key for Code Exchange per RFC 7636",
)

enable_rfc7638 class-attribute instance-attribute

enable_rfc7638 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JWK Thumbprint per RFC 7638",
)

enable_rfc7800 class-attribute instance-attribute

enable_rfc7800 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Proof-of-Possession semantics per RFC 7800",
)

enforce_rfc8252 class-attribute instance-attribute

enforce_rfc8252 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Validate redirect URIs according to RFC 8252",
)

enable_rfc8291 class-attribute instance-attribute

enable_rfc8291 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Message Encryption for Web Push per RFC 8291",
)

enable_rfc8812 class-attribute instance-attribute

enable_rfc8812 = Field(
    default=lower() in {"1", "true", "yes"},
    description=(
        "Enable WebAuthn algorithm registrations per RFC 8812",
    ),
)

enable_rfc8037 class-attribute instance-attribute

enable_rfc8037 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable CFRG EdDSA algorithms per RFC 8037",
)

enable_rfc8176 class-attribute instance-attribute

enable_rfc8176 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Authentication Method Reference validation per RFC 8176",
)

enable_rfc7662 class-attribute instance-attribute

enable_rfc7662 = Field(
    default=lower() in {"1", "true", "yes"}
)

enable_rfc9449 class-attribute instance-attribute

enable_rfc9449 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable OAuth 2.0 Demonstrating Proof of Possession (DPoP) per RFC 9449",
)

enable_dpop property

enable_dpop

Alias for backward compatibility.

enable_rfc9396 class-attribute instance-attribute

enable_rfc9396 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable OAuth 2.0 Rich Authorization Requests per RFC 9396",
)

enable_rfc9101 class-attribute instance-attribute

enable_rfc9101 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JWT-Secured Authorization Request per RFC 9101",
)

enable_rfc7009 class-attribute instance-attribute

enable_rfc7009 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable OAuth 2.0 Token Revocation per RFC 7009",
)

enable_rfc8414 class-attribute instance-attribute

enable_rfc8414 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable OAuth 2.0 Authorization Server Metadata per RFC 8414",
)

enable_rfc9207 class-attribute instance-attribute

enable_rfc9207 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Authorization Server Issuer Identification per RFC 9207",
)

enable_rfc8523 class-attribute instance-attribute

enable_rfc8523 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JWT Profile for OAuth 2.0 Client Authentication per RFC 8523",
)

enable_rfc7952 class-attribute instance-attribute

enable_rfc7952 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Security Event Token (SET) per RFC 7952",
)

enable_rfc8693 class-attribute instance-attribute

enable_rfc8693 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable OAuth 2.0 Token Exchange per RFC 8693",
)

enable_rfc8932 class-attribute instance-attribute

enable_rfc8932 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Enhanced Authorization Server Metadata per RFC 8932",
)

enable_rfc9126 class-attribute instance-attribute

enable_rfc9126 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Pushed Authorization Requests per RFC 9126",
)

enable_rfc9068 class-attribute instance-attribute

enable_rfc9068 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JWT Profile for OAuth 2.0 Access Tokens per RFC 9068",
)

enable_rfc6750 class-attribute instance-attribute

enable_rfc6750 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Bearer Token Usage per RFC 6750",
)

enable_rfc6750_query class-attribute instance-attribute

enable_rfc6750_query = Field(
    default=lower() in {"1", "true", "yes"},
    description="Allow access_token as URI query parameter per RFC 6750 §2.3",
)

enable_rfc6750_form class-attribute instance-attribute

enable_rfc6750_form = Field(
    default=lower() in {"1", "true", "yes"},
    description="Allow access_token in application/x-www-form-urlencoded bodies per RFC 6750 §2.2",
)

enable_rfc6749 class-attribute instance-attribute

enable_rfc6749 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enforce core OAuth 2.0 error handling per RFC 6749",
)

enable_rfc8628 class-attribute instance-attribute

enable_rfc8628 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Device Authorization Grant per RFC 8628",
)

enable_rfc7515 class-attribute instance-attribute

enable_rfc7515 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JSON Web Signature per RFC 7515",
)

enable_rfc7516 class-attribute instance-attribute

enable_rfc7516 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JSON Web Encryption per RFC 7516",
)

enable_rfc7517 class-attribute instance-attribute

enable_rfc7517 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JSON Web Key per RFC 7517",
)

enable_rfc7518 class-attribute instance-attribute

enable_rfc7518 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JSON Web Algorithms per RFC 7518",
)

enable_rfc7519 class-attribute instance-attribute

enable_rfc7519 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JSON Web Token per RFC 7519",
)

enable_rfc7520 class-attribute instance-attribute

enable_rfc7520 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JOSE examples per RFC 7520",
)

enable_rfc7591 class-attribute instance-attribute

enable_rfc7591 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable OAuth 2.0 Dynamic Client Registration per RFC 7591",
)

enable_rfc7592 class-attribute instance-attribute

enable_rfc7592 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable OAuth 2.0 Client Registration Management per RFC 7592",
)

enable_rfc7521 class-attribute instance-attribute

enable_rfc7521 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable Assertion Framework for OAuth 2.0 per RFC 7521",
)

enable_rfc7523 class-attribute instance-attribute

enable_rfc7523 = Field(
    default=lower() in {"1", "true", "yes"},
    description="Enable JWT Profile for OAuth 2.0 per RFC 7523",
)

model_config class-attribute instance-attribute

model_config = SettingsConfigDict(env_file=None)