## OAuth2 Proxy Configuration
## Using GitHub as the identity provider

# Provider settings
provider = "github"

# Get these from GitHub Settings → Developer settings → OAuth Apps
client_id = "${GITHUB_CLIENT_ID}"
client_secret = "${GITHUB_CLIENT_SECRET}"

# Cookie settings
cookie_name = "llama_session"
cookie_secret = "${OAUTH2_PROXY_COOKIE_SECRET}"
cookie_domains = [".story-basking.ts.net"]
cookie_expire = "168h0m0s"
cookie_refresh = "60m"
cookie_secure = true
cookie_httponly = true
cookie_samesite = "none"

# Redirect URL - must match GitHub OAuth settings
redirect_url = "https://llama.story-basking.ts.net/oauth2/callback"

# GitHub specific - restrict to specific orgs/users (optional)
# github_org = "your-org"
# github_team = "your-team"
github_user = "brycecovert"

# Upstream - your llama service
upstreams = [ "http://workstation:5082" ]

# Server settings
http_address = "0.0.0.0:4180"
reverse_proxy = true

# Pass user info to upstream
pass_authorization_header = true
pass_access_token = true
set_xauthrequest = true

# Skip the provider selection button
skip_provider_button = true

# Session storage
session_store_type = "cookie"

# Logging
standard_logging = true
auth_logging = true
request_logging = true