# OAuth Configuration for 1440.news Dashboard
# Copy this file to oauth.env and fill in the values

# Cookie encryption secret (32 bytes / 64 hex characters)
# Generate with: openssl rand -hex 32
OAUTH_COOKIE_SECRET=

# ES256 private JWK for client authentication
# Generate with the command below, then paste the JSON output here (on one line)
#
# To generate a key using Go:
#   go run ./cmd/genkey
#
# Or use openssl + jq:
#   openssl ecparam -name prime256v1 -genkey -noout | openssl ec -text -noout 2>/dev/null | \
#   awk '/priv:/{p=1} p{print}' | head -5 | tr -d ' \n:' | xxd -r -p | base64
#
# The JWK should look like:
# {"kty":"EC","crv":"P-256","x":"...","y":"...","d":"...","kid":"..."}
OAUTH_PRIVATE_JWK=

# Optional: Override the base URL for OAuth redirects
# Default: https://app.1440.news (production) or http://localhost:4321 (local)
# OAUTH_BASE_URL=https://app.1440.news