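# Authentication Feature Configuration - Development Environment
# Settings optimized for local development and debugging
#
# Every secret below is a placeholder and every policy is deliberately
# relaxed. Treat this file as non-deployable: a staging or production profile
# should set its own values and take secrets from the environment or a secret
# store rather than from a file kept under version control.

[features]
auth = true

# OAuth Configuration - Development
[oauth]
enabled = false

# client_id / client_secret are dummy values. Keep real provider credentials
# out of this file so they never reach the repository history.
[oauth.google]
client_id = "dev-google-client-id"
client_secret = "dev-google-client-secret"
# Plain http is acceptable here only because the host is loopback; the URI
# must match the one registered with the provider.
redirect_uri = "http://localhost:3030/auth/google/callback"

[oauth.github]
client_id = "dev-github-client-id"
client_secret = "dev-github-client-secret"
redirect_uri = "http://localhost:3030/auth/github/callback"

# JWT Configuration - Development
# HS256 is a symmetric HMAC: the same secret signs and verifies tokens, so
# anyone who can read it can mint valid ones. The value below is a fixed,
# guessable placeholder; outside local development use a randomly generated
# key of at least 256 bits, or an asymmetric algorithm if verifiers should
# not be able to sign.
[auth.jwt]
secret = "dev-jwt-secret-change-in-production"
# NOTE(review): presumably the access-token lifetime. 24 h is a long window
# for a stolen token to stay valid; confirm and shorten outside development.
expiration = 86400  # 24 hours in seconds
refresh_token_expiration = 604800  # 7 days in seconds
algorithm = "HS256"
# Environment-specific issuer/audience: tokens minted against this profile
# should fail validation elsewhere, provided the application checks both
# claims (not visible from this file).
issuer = "rustelo-app-dev"
audience = "rustelo-users-dev"

# Password Policy - Relaxed for development
# A 6-character minimum with no uppercase or special-character requirement is
# below common baselines (NIST SP 800-63B asks for at least 8 characters).
[auth.password]
min_length = 6
require_uppercase = false
require_lowercase = true
require_numbers = true
require_special_chars = false
max_age_days = 365
history_count = 3

# Account Security - Relaxed for development
# 10 attempts followed by a 5-minute lockout leaves a generous online-guessing
# budget; tighten it together with [auth.rate_limiting].
[auth.security]
max_login_attempts = 10
lockout_duration = 300  # 5 minutes in seconds
session_timeout = 7200  # 2 hours in seconds
# Also set under [auth.registration]; keep the two in step. Which of them the
# application reads is not visible from this file.
require_email_verification = false
# Reset links stay usable for this long, so a leaked link is valid for the
# whole window.
password_reset_timeout = 7200  # 2 hours in seconds

# Two-Factor Authentication - Disabled for development
# 6 digits / 30-second period are the usual TOTP parameters.
[auth.two_factor]
enabled = false
backup_codes_count = 10
totp_issuer = "Rustelo App Dev"
totp_digits = 6
totp_period = 30

# User Registration - Open for development
# With email verification off, auto_approve on and no domain allow-list,
# anyone who can reach the instance can create a usable account. Keep a
# development instance off untrusted networks.
[auth.registration]
enabled = true
require_email_verification = false
auto_approve = true
default_role = "user"
allowed_domains = []  # Empty array means all domains allowed

# Session Management - Extended for development
[auth.sessions]
cleanup_interval = 3600  # 1 hour in seconds
max_concurrent_sessions = 10
# A remembered session outlives session_timeout by design; a stolen
# remember-me credential is good for the full 30 days unless revoked.
remember_me_duration = 2592000  # 30 days in seconds

# Rate Limiting - Relaxed for development
# NOTE(review): whether these limits apply per client IP, per account or
# globally is not visible from this file; confirm before reusing the numbers.
[auth.rate_limiting]
login_attempts_per_minute = 20
registration_attempts_per_hour = 10
password_reset_attempts_per_hour = 10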