version: v26.2.0

serve:
  public:
    base_url: http://127.0.0.1:4433/
    cors:
      enabled: true
      allowed_origins:
        - http://localhost:3000
        - http://127.0.0.1:3000
      allowed_methods: [GET, POST, PUT, PATCH, DELETE]
      allowed_headers: [Authorization, Cookie, Content-Type, X-Session-Token]
      exposed_headers: [Content-Type, Set-Cookie]
      allow_credentials: true
  admin:
    base_url: http://kratos:4434/

selfservice:
  default_browser_return_url: http://localhost:3000/
  allowed_return_urls:
    - http://localhost:3000

  methods:
    password:
      enabled: true
    link:
      enabled: true
      config:
        lifespan: 15m

  flows:
    error:
      ui_url: http://localhost:3000/error
    settings:
      ui_url: http://localhost:3000/settings
      privileged_session_max_age: 15m
    recovery:
      enabled: true
      ui_url: http://localhost:3000/recovery
      use: link
    verification:
      enabled: true
      ui_url: http://localhost:3000/verification
      use: link
      after:
        default_browser_return_url: http://localhost:3000/
    logout:
      after:
        default_browser_return_url: http://localhost:3000/login
    login:
      ui_url: http://localhost:3000/login
      lifespan: 10m
    registration:
      lifespan: 10m
      ui_url: http://localhost:3000/registration
      after:
        password:
          hooks:
            - hook: session

log:
  level: info
  format: json
  leak_sensitive_values: false

# DEV SECRETS — replace before using in anything resembling production.
secrets:
  cookie:
    - PLEASE-CHANGE-ME-IAM-INSECURE-DEV-SECRET-0000000000
  cipher:
    - 32-LONG-DEV-SECRET-NOT-SECURE-00

ciphers:
  algorithm: xchacha20-poly1305

hashers:
  algorithm: bcrypt
  bcrypt:
    cost: 8

identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true