http_address            =   "0.0.0.0:4180"
cookie_secret           =   "{{applications.oauth2_proxy.cookie_secret}}"
email_domains           =   "{{primary_domain}}"
cookie_secure           =   "false"
upstreams               =   "http://{{applications[application_id].oauth2_proxy.application}}:{{applications[application_id].oauth2_proxy.port}}"
cookie_domains          =   ["{{domain}}", "{{domains.keycloak}}"]                  # Required so cookie can be read on all subdomains.
whitelist_domains       =   [".{{primary_domain}}"]                                 # Required to allow redirection back to original requested target.

# keycloak provider
client_secret           =   "{{oidc.client.secret}}"
client_id               =   "{{oidc.client.id}}"
redirect_url            =   "https://{{domain}}/oauth2/callback"
oidc_issuer_url         =   "{{oidc.client.issuer_url}}"
provider                =   "oidc"
provider_display_name   =   "Keycloak"

# role restrictions
#cookie_roles            =   "realm_access.roles"
allowed_roles           =   "{{applications.oauth2_proxy.allowed_roles}}"