In production, you will need a private key to sign OAuth tokens request. Use the
26
-
following command to generate a new JWK (JSON Web Key):
26
+
following command to generate a new private key:
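Review bot: The new wording at `following command to generate a new private key:` drops the key format, yet the value shown further down (`PRIVATE_KEYS='[{"kty":"EC","kid":"12",...}]'`) is a JWK. Keep the format name in the sentence, e.g. `following command to generate a new private key (a JWK, JSON Web Key):`, so readers can check that the command's output has the expected shape before pasting it into `.env`. The unchanged context line `to sign OAuth tokens request` could be fixed to `to sign OAuth token requests` in the same pass.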
32
-
The generated key must be added to the environment variables (`.env` file) as `PRIVATE_KEY`.
32
+
The generated key must be added to the environment variables (`.env` file) in `PRIVATE_KEYS`.
PRIVATE_KEYS='[{"kty":"EC","kid":"12",...}]'
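Review bot: Renaming `PRIVATE_KEY` to `PRIVATE_KEYS` and turning the value into a JSON array is a breaking configuration change, but the hunk adds no migration note. Add a sentence telling existing deployments to wrap their current key in `[...]` under the new name, and state what the app does when `PRIVATE_KEYS` is unset or not valid JSON (refusing to start is the safe behaviour; silently falling back to an ephemeral or missing signing key is not). Since the example carries `"kid":"12"`, also say that each key's `kid` must be unique within the array: key lookup during verification is by `kid`, so duplicates make rotation ambiguous.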
38
-
Note that you can have multiple keys. Always add new keys at the beginning of
39
-
the array, so that the first key is always the most recent one. When a key is
40
-
removed, all associated sessions will be invalidated.
38
+
> [!NOTE] The `PRIVATE_KEYS` is an array of keys. Make sure to use single
39
+
> quotes, and square brackets around the keys `PRIVATE_KEYS='[<key here>]'`. If
40
+
> you generate multiple keys, add new keys at the beginning of the array, so
41
+
> that the first key is always the most recent one. When a key is removed, all
42
+
> associated sessions will be invalidated.
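Review bot: The alert marker in `> [!NOTE] The `PRIVATE_KEYS` is an array of keys. Make sure to use single` will not render as a GitHub alert; `[!NOTE]` must stand alone on the first line of the blockquote, with the text starting on the next `> ` line. Beyond rendering, the rotation guidance stops at "add new keys at the beginning"; spell out the procedure the text implies: the first key signs, older keys stay in the array so sessions and tokens already issued still verify, and a key is removed only once everything signed with it has expired, because removal invalidates those sessions. A reminder that `.env` now holds private signing keys and must stay out of version control belongs in this note as well.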
42
-
Make sure to also set the `COOKIE_SECRET` in your environment variables (`.env` file), which is used to sign session cookies. You can generate a random string for this:
44
+
Make sure to also set the `COOKIE_SECRET`, which is used to sign session
45
+
cookies, in your environment variables (`.env` file). You can generate a random
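Review bot: The new line `cookies, in your environment variables (`.env` file). You can generate a random` ends mid-sentence in this view, so the generation command itself cannot be reviewed; make sure the committed text gives the command and states the expected size (at least 32 random bytes is the conventional floor for an HMAC cookie-signing secret). Also note that rotating `COOKIE_SECRET` invalidates every existing session cookie, the same caveat the `PRIVATE_KEYS` note gives for signing keys.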
48
-
Finally, set the `PUBLIC_URL` to the URL where your app will be accessible. This is used for OAuth client ID and other configurations.
52
+
Finally, set the `PUBLIC_URL` to the URL where your app will be accessible. This
53
+
will allow the authorization servers to download the app's public keys.
PUBLIC_URL="https://your-app-url.com"
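Review bot: `will allow the authorization servers to download the app's public keys.` makes `PUBLIC_URL` a security-relevant setting rather than a cosmetic one, and the hunk should say so: it must be the exact externally reachable HTTPS origin the app is served from, because authorization servers fetch the public keys from a path under it and the old line shows it also feeds the OAuth client ID. A mismatch (http instead of https, a different host, an internal address) means key retrieval fails and the app cannot authenticate as a client. The placeholder `PUBLIC_URL="https://your-app-url.com"` is fine, but add that localhost-style values only work where the authorization server can actually reach them.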