# Authentication Feature Configuration
# Settings for the authentication and authorization system

[features]
auth = true

# OAuth Configuration
[oauth]
enabled = false

[oauth.google]
client_id = "your-google-client-id"
client_secret = "your-google-client-secret"
redirect_uri = "http://localhost:3030/auth/google/callback"

[oauth.github]
client_id = "your-github-client-id"
client_secret = "your-github-client-secret"
redirect_uri = "http://localhost:3030/auth/github/callback"

# JWT Configuration
[auth.jwt]
secret = "change-this-in-production-to-a-secure-random-string"
expiration = 86400  # 24 hours in seconds
refresh_token_expiration = 604800  # 7 days in seconds
algorithm = "HS256"
issuer = "rustelo-app"
audience = "rustelo-users"

# Password Policy
[auth.password]
min_length = 8
require_uppercase = true
require_lowercase = true
require_numbers = true
require_special_chars = true
max_age_days = 90
history_count = 5

# Account Security
[auth.security]
max_login_attempts = 5
lockout_duration = 900  # 15 minutes in seconds
session_timeout = 3600  # 1 hour in seconds
require_email_verification = true
password_reset_timeout = 3600  # 1 hour in seconds

# Two-Factor Authentication
[auth.two_factor]
enabled = false
backup_codes_count = 10
totp_issuer = "Rustelo App"
totp_digits = 6
totp_period = 30

# User Registration
[auth.registration]
enabled = true
require_email_verification = true
auto_approve = true
default_role = "user"
allowed_domains = []  # Empty array means all domains allowed

# Session Management
[auth.sessions]
cleanup_interval = 3600  # 1 hour in seconds
max_concurrent_sessions = 5
remember_me_duration = 2592000  # 30 days in seconds

# Rate Limiting for Auth Endpoints
[auth.rate_limiting]
login_attempts_per_minute = 5
registration_attempts_per_hour = 3
password_reset_attempts_per_hour = 3