Knowledge base

Environment variables

This document has the full list of environment variables that can be configured in the Docker Compose File or Helm yaml files:

VariableDescriptionRequired
Identity Platform Variables
WH_IAM_ISSUER_URIThe URI identifying your IdP and used as the base URL for AUTHORIZATION and TOKEN endpoints.
# example
http://localhost:8800/auth/realms/webhookie		Yes
WH_IAM_JWK_SET_URIThe JWT Key Set URI provided by your IdP is used to download the public keys for the verification of the JWTs
# example http://keycloak:8080/auth/realms/webhookie/protocol/openid-connect/certs		Yes
WH_IAM_JWS_ALGThe allgorithm that is used to sign the JWTs.
RS256		Yes
WH_SECURITY_AUDIdentifer for the webhookie backend (normally setup as an API in your IdP). This is the identifier that appears in the Audience (aud) claim in the JWT.
# example
webhookie_api		Yes
WH_SECURITY_CLIENT_IDThe client ID generated by your IdP for webhookie. Normally this is achieved by setting up the webhookie portal as a Single Page Web Application (SPA). This is only used for login purposes.
# example
webhookie_client		Yes
WH_SECURITY_ROLES_JSON_PATHThe claim in your JWT that identifies the roles the user has. See Identity Platform (IdP) Setup for more information. Note: The JSON path has a $$ which is yaml notation. In other places it should be a single $ sign e.g. AWS console , docker run .
# example
$$.resource_access.webhookie_client.roles		Yes
WH_SECURITY_GROUPS_JSON_PATHThe claim in your JWT that identifies the groups the user belongs to. See Identity Platform (IdP) Setup for more information. Note: The JSON path has a $$ which is yaml notation. In other places it should be a single $ sign e.g. AWS console, docker run.
# example
$$.groups		Yes
WH_SECURITY_ENTITY_JSON_PATHThe claim in your JWT that identifies the entity the user belongs to. See Identity Platform (IdP) Setup for more information. Note: The JSON path has a $$ which is yaml notation. In other places it should be a single $ sign e.g. AWS console , docker run .
$$.entity		Yes
WH_SECURITY_AUTO_ASSIGN_CONSUMER_ROLEIf set to true all authenticated users will automatically get the WH_CONSUMER role. Default it is false.
true		No
WH_SECURITY_OAUTH2_AUTHORIZATION_URIThe relative path to the authorize endpoint in your IdP. This relative path is appended to the WH_IAM_ISSUER_URI to form the full endpoint address.
# example
/protocol/openid-connect/auth		Yes
WH_SECURITY_OAUTH2_TOKEN_URIThe relative path to the token endpoint in your IdP. This relative path is appended to the WH_IAM_ISSUER_URI to form the full endpoint address.
# example
/protocol/openid-connect/token		Yes
MongoDB variables
WH_MONGODB_URIThe connection string to your MongoDB instance.
# example
mongodb://mongodb/webhookie-db?retryWrites=true&w=majority&maxPoolSize=200		Yes
CORS variables
WEBHOOKIE_SECURITY_ALLOWED-ORIGINSThe allowed origins to the webhookie api (backend)
# example
http://localhost:4300		Yes
# A JWT example that the snippets reference above.
{
  "exp": 1631652286,
  "iat": 1631616286,
  "jti": "9adf35fc-af1b-46fb-9907-cb464a75bbdf",
  "iss": "http://localhost:8800/auth/realms/webhookie",
  "aud": "webhookie_api",
  "sub": "2ca56807-71b8-40f5-b6ef-30e81ed36803",
  "typ": "Bearer",
  "azp": "webhookie_client",
  "session_state": "28e47efd-7243-4fc3-be8b-83df7c6b5442",
  "acr": "1",
  "allowed-origins": [
    "http://localhost:4300"
  ],
  "resource_access": {
    "webhookie_client": {
      "roles": [
        "WH_PROVIDER",
        "WH_CONSUMER",
        "WH_ADMIN"
      ]
    }
  },
  "scope": "email profile",
  "email_verified": false,
  "groups": [],
  "preferred_username": "webhookie_admin",
  "entity": "Webhookie"
}

Powered by BetterDocs