-
-
Notifications
You must be signed in to change notification settings - Fork 704
Expand file tree
/
Copy path.env.oauth21
More file actions
62 lines (57 loc) · 2.56 KB
/
.env.oauth21
File metadata and controls
62 lines (57 loc) · 2.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# OAuth 2.1 Configuration Example
# Copy this to .env and update with your Google OAuth credentials
# Required: Google OAuth 2.0 Client Credentials
# Note: OAuth 2.1 will automatically use GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET
# if OAUTH2_CLIENT_ID and OAUTH2_CLIENT_SECRET are not set
GOOGLE_OAUTH_CLIENT_ID="your-google-client-id"
GOOGLE_OAUTH_CLIENT_SECRET="your-google-client-secret"
# Development Settings (set to true for localhost testing)
OAUTH2_ALLOW_INSECURE_TRANSPORT=false
OAUTH2_ENABLE_DEBUG=false
# Legacy Compatibility (recommended during migration)
OAUTH2_ENABLE_LEGACY_AUTH=true
# ---------------------------------------------------------------------------
# FastMCP OAuth Proxy Storage Backends (OAuth 2.1)
#
# Storage backend for OAuth proxy state. Options: memory, disk, valkey
# Default: FastMCP's built-in default (disk on Mac/Windows, memory on Linux)
#
# WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=memory|disk|valkey
#
# ---------------------------------------------------------------------------
# Memory Storage (default on Linux)
# - Fast, no persistence, data lost on restart
# - Best for: development, testing, stateless deployments
#
# WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=memory
#
# ---------------------------------------------------------------------------
# Disk Storage (default on Mac/Windows)
# - Persists across restarts, single-server only
# - Best for: single-server production, persistent caching
#
# WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=disk
# WORKSPACE_MCP_OAUTH_PROXY_DISK_DIRECTORY=~/.fastmcp/oauth-proxy
#
# ---------------------------------------------------------------------------
# Valkey/Redis Storage
# - Distributed, multi-server support
# - Best for: production, multi-server deployments, cloud native
#
# WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=valkey
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_HOST=localhost
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_PORT=6379
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_USE_TLS=false
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_DB=0
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_USERNAME=
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_PASSWORD=
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_REQUEST_TIMEOUT_MS=5000
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_CONNECTION_TIMEOUT_MS=10000
#
# ---------------------------------------------------------------------------
# Encryption:
# - Disk and Valkey storage are encrypted with Fernet.
# - Key derived from FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY if set,
# otherwise from GOOGLE_OAUTH_CLIENT_SECRET.
# - For stable decryption across client-secret rotations, set
# FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY explicitly.