Configuration

A key concept of SympAuthy is to allow you to deploy a fully configured instance of it without requiring you to connect to an interface. Therefore, all the configurations of SympAuthy must be text-based and deployed alongside it.

For this matter, SympAuthy relies on the configuration mechanism of Micronaut.

Everything is configurable through the use of:

• YAML or JSON configuration files.
• environment variables.
• parameters passed to the binary.

Example: configuring the server port using each method:

application.yml

micronaut:
  server:
    port: 9090

Environment variable

export MICRONAUT_SERVER_PORT=9090

Command-line argument

java -jar sympauthy.jar --micronaut.server.port=9090

Micronaut

Since SympAuthy is constructed using the Micronaut framework, it shares the configuration keys of all Micronaut-based applications to configure some basic features. The table below provides examples of commonly used keys:

Key	Type	Description	Required Default
micronaut.server.port	int	TCP port the server will be listening to.	NO 8080

The full list is available in the Micronaut documentation.

urls

SympAuthy needs to know its own public URL so it can build correct redirect URIs, populate the iss claim in JWT tokens, and serve the OpenID Connect discovery document. This URL must be the address that end-users and client applications use to reach the server.

Key	Type	Description	Required Default
root	absolute url	The url at which the end-user can access the root of the application.	YES

Example:

urls:
  root: https://auth.example.com

Configuration pages

• Environments — Micronaut environments for out-of-the-box configurations.
• Database — Database connection (PostgreSQL, H2).
• Mail — Email / SMTP configuration.
• Admin — Admin API, integrated UI, and admin audience binding.
• Client — OAuth client definitions.
• Audience — Audience grouping and token audience configuration.
• Authorization — Authentication, authorization flows, MFA, and rules.
• Invitation — Bootstrap invitations declared in configuration.
• Provider — Third-party authentication provider configuration (OIDC, OAuth2).
• Claim — Claim collection configuration.
• Scope — Scope configuration.
• Advanced — JWT, hashing, URLs, and other advanced settings.