work on login flow

conf/00-default.yaml

@@ -2,27 +2,29 @@ $schema: ../schemas/config.json
 http_web:
   address: 0.0.0.0
   port: 8080
-  exposed_url: https://me.local.jbrumond.me:8080
+  exposed_url: https://www.example.com:8080
   tls: false
   # tls:
   #   key: /tls/tls.key
   #   cert: /tls/tls.cert
-  etag:
-    static_assets: strong
+  compress:
+  - gzip
+  - deflate
+  - br
+  - identity
+  etag: true
   cache_control:
     static_assets: public, max-age=3600
 http_meta:
+  # DO NOT expose the metadata API to the public internet
   address: 0.0.0.0
   port: 8081
   tls: false
-  # tls:
-  #   key: /tls/tls.key
-  #   cert: /tls/tls.cert
 oidc:
-  server_url: https://sso.jbrumond.me/realms/public
+  server_url: https://oauth.example.com
   signing_algorithm: ES512
-  client_id: ""
-  client_secret: ""
+  client_id: your-client-id
+  client_secret: your-client-secret
 pkce_cookie:
   name: app_pkce_code
   secure: true
@@ -32,13 +34,14 @@ session_cookie:
   name: app_session_key
   secure: true
   ttl: 7200
+  pepper: secret-pepper-value
 snowflake_uid:
   epoch: 1577836800000
   instance: 0  # todo: This should be populated by a StatefulSet ordinal in k8s; Need to prototype
 storage:
   engine: file
 argon2:
-  # note: Using the argon2id variant with a time cost of 3 and memory cost 64MiB (65536)
+  # Using the argon2id variant with a time cost of 3 and memory cost 64MiB (65536)
   # is the recommendation for memory constrained environments, according to RFC 9106. If
   # running in an environment that has more available memory to use, the preferred
   # configuration is to instead run with a time cost of 1 and memory cost of 2GiB (2097152).