-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy path.env.example
More file actions
75 lines (61 loc) · 3.1 KB
/
.env.example
File metadata and controls
75 lines (61 loc) · 3.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# OBP API Configuration
OBP_BASE_URL="http://localhost:8080"
OBP_API_VERSION="v7.0.0"
# Basic Server Config
FASTMCP_PORT=9101
FASTMCP_HOST=0.0.0.0
# OAuth Settings
ENABLE_OAUTH="false"
## this is the url of this mcp application i.e. http://localhost:9100
BASE_URL="http://localhost:9101"
# Choose authentication provider:
# - "bearer-only": Simple JWT validation only (recommended for Opey/internal agents)
# OAuth flow is handled externally; MCP server just validates tokens
# - "obp-oidc": Full OAuth 2.1 flow with OBP-OIDC (for external MCP clients)
# - "keycloak": Full OAuth 2.1 flow with Keycloak (for external MCP clients)
#
# For Opey: Use "bearer-only" - the frontend portal handles OAuth, and the agent
# passes the user's token to the MCP server for validation.
# For VS Code/Claude Desktop: Use "obp-oidc" or "keycloak" - these clients need
# the full OAuth discovery flow to authenticate users.
AUTH_PROVIDER=obp-oidc
## Keycloak realm URL (required if AUTH_PROVIDER=keycloak)
## For bearer-only: Set this to accept tokens from Keycloak
#KEYCLOAK_REALM_URL="http://localhost:8000/realms/obp-mcp"
# OBP-OIDC issuer URL (required if AUTH_PROVIDER=obp-oidc)
# For bearer-only: Set this to accept tokens from OBP-OIDC
OBP_OIDC_ISSUER_URL=http://localhost:9000/obp-oidc
# This setting controls how we authorize API requests to OBP after authentication.
# Options:
# - "oauth": Use OAuth the oauth access token. Best for when using an MCP client that cannot perform the
# consent flow itself (e.g. VS Code extension, Claude Desktop).
# - "consent": Elicit user consent before each API call. Best for MCP clients like Opey that will support
# user consent flows.
# - "none": No authorization method is used. OBP-API calls are made but with limited access (only public endpoints).
OBP_AUTHORIZATION_VIA="none" # Options: "oauth", "consent", "none"
# OBP API consumer key that opey uses (required for "consent" authorization method with opey)
OBP_OPEY_CONSUMER_KEY="obp-opey-ii-client"
# Multi-issuer bearer-only mode:
# Set BOTH KEYCLOAK_REALM_URL and OBP_OIDC_ISSUER_URL with AUTH_PROVIDER=bearer-only
# to accept tokens from either identity provider. The server will route validation
# to the correct JWKS endpoint based on the token's "iss" claim.
#
# Example for multi-issuer:
# AUTH_PROVIDER=bearer-only
# KEYCLOAK_REALM_URL=http://localhost:8080/realms/fastmcp
# OBP_OIDC_ISSUER_URL=http://localhost:9000/obp-oidc
# Optional: Override JWKS URI for single-issuer bearer-only mode
# (defaults to {issuer}/jwks for OBP-OIDC or {issuer}/protocol/openid-connect/certs for Keycloak)
# JWKS_URI=http://localhost:9000/obp-oidc/jwks
# FastMCP Server Configuration
# These variables control the HTTP server host and port
FASTMCP_HOST="127.0.0.1"
FASTMCP_PORT="9100"
# Database Index Update Configuration
UPDATE_INDEX_ON_STARTUP="true"
# Options: "static", "dynamic", "all"
UPDATE_INDEX_ENDPOINT_TYPE="all"
# Periodic refresh interval in minutes (0 to disable)
REFRESH_INTERVAL_MINUTES="5"
# Options: "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"
LOG_LEVEL="INFO"