9756809b68
Remove proxy forward-auth header trust; app runs authorization code flow using OIDC_CLIENT_SECRET and registers redirect URI from SERVICE_URL or OIDC_REDIRECT_URI.
19 lines
547 B
Text
19 lines
547 B
Text
# Bugsink (Sentry-compatible DSN from bugsink.aexoradao.com project settings)
|
|
BUGSINK_DSN=
|
|
|
|
# In-app Authentik OIDC (client secret stays in the app, not the proxy)
|
|
OIDC_ISSUER=https://auth.aexoradao.com/application/o/quant-web/
|
|
OIDC_CLIENT_ID=quant-web
|
|
OIDC_CLIENT_SECRET=
|
|
OIDC_REDIRECT_URI=
|
|
OIDC_SCOPES=openid profile email
|
|
AUTH_REQUIRED=true
|
|
|
|
# Local dev only when AUTH_REQUIRED=false
|
|
DEV_USER=dev@local
|
|
|
|
# Core tickers (comma-separated)
|
|
CORE_TICKERS=SPY,QQQ,AAPL,MSFT,GOOGL,AMZN,NVDA,META,IWM,TLT
|
|
|
|
# Historical seed window (years)
|
|
SEED_YEARS=5
|