colab:
  dms:
    username: COLAB_TECH # coLab technical user. Overwrites enaio technical user ROOT.
    password: COLAB_TECH_PASS # coLab technical user password.

enaio:
  admin-user-group: COLAB_ADMIN  # Users in this group have admin role in coLab. Default is COLAB_ADMIN.
  colab-user-group: COLAB_USER  # If enabled, members of this group can log in to coLab. Default is COLAB_USER.
  mark-objects-interval: 300000  # Time interval (in ms) for sending shared object info from coLab to enaio server.
  upload-type-service-start-time: "0 1 1 * * ?"  # Cron expression for fetching upload types after project room creation.

global:
  service:
    baseUrl: http://localhost/colab  # Public base URL used for OAuth2 redirection.
  language: en  # Default global language.
  o365-enabled: true  # Enable/disable O365 integration. Default is true. Requires OFFICE365 and DASHLET365 services.

epr:
  smtp:
    host: localhost  # SMTP server address.
    port: 26  # SMTP server port.
    tls: false  # Enable transport layer security.
    auth:
      username: something  # Username for SMTP authentication.
      password: something  # Password for SMTP authentication.
      enable: false  # Whether to enable SMTP authentication.
    from:
      address: enaio-colab@localhost  # "From" address used in email communications.
      name: enaio coLab  # Name displayed as the sender of the email.

  postgres:
    uri: //10.1.4247:5432/colab  # Postgres database URI.
    username: colab  # Postgres DB username.
    password: 1234   # Postgres DB password.

  file-repository:
    store: fs  # File store type. 'fs' stands for filesystem.
    file-system-dir: C:\colab-files-repo  # Directory for temporary file uploads/downloads.

spring:
  servlet:
    multipart:
      max-request-size: 522MB  # Maximum size allowed for a request.
      max-file-size: 512MB  # Maximum file size inside a request (must be 10MB smaller than max-request-size).

  liquibase:
    contexts: legacy  # Enables Liquibase db migration tool for clean new installations; triggers DB schema creation.

  security:
    oauth2:
      client:
        registration:
          google:
            clientId: <google_client_id>  # Google app client ID from Developers Console.
            clientSecret: <google_client_secret>  # Google app client secret.
            redirect-uri: ${global.service.baseUrl}/epr/login/google  # Redirect URL for Google OAuth login.
            scope: openid, email, profile  # Google OAuth scopes.

          linkedin:
            clientId: <linkedIn_client_id>  # LinkedIn app client ID.
            clientSecret: <linkedIn_client_secret>  # LinkedIn app client secret.
            redirect-uri: ${global.service.baseUrl}/epr/login/linkedin  # Redirect URL for LinkedIn OAuth login.
            scope: r_liteprofile, r_emailaddress  # LinkedIn OAuth scopes.
            client-authentication-method: post  # Method of client authentication (POST).
            authorization-grant-type: authorization_code  # OAuth 2 grant type.

          microsoft:
            client-id: <microsoft_client_id>  # Microsoft app client ID.
            client-secret: <microsoft_client_secret>  # Microsoft app client secret.
            provider: microsoft  # OAuth provider.
            redirect-uri: ${global.service.baseUrl}/epr/login/microsoft  # Redirect URL for Microsoft OAuth login.
            scope: openid, profile, email, https://graph.microsoft.com/.default  # Microsoft OAuth scopes.
            authorization-grant-type: authorization_code  # OAuth 2 grant type.

          keycloak:
            clientId: <keycloak_client_id>  # Keycloak client ID.
            clientSecret: <keycloak_client_secret>  # Keycloak client secret.
            provider: keycloak  # OAuth provider.
            redirect-uri: ${global.service.baseUrl}/epr/login/keycloak  # Redirect URL for Keycloak OAuth login.
            scope: openid, profile, email  # Keycloak OAuth scopes.
            authorization-grant-type: authorization_code  # OAuth 2 grant type.
            title: <keycloak_provider_title>  # Title for Keycloak login option.

        provider:
          microsoft:
            authorization-uri: https://login.microsoftonline.com/common/oauth2/v2.0/authorize  # Microsoft authorization endpoint.
            token-uri: https://login.microsoftonline.com/common/oauth2/v2.0/token  # Microsoft token endpoint.
            user-info-uri: https://graph.microsoft.com/v1.0/me  # Microsoft user info endpoint.
            jwk-set-uri: https://login.microsoftonline.com/common/discovery/v2.0/keys  # Microsoft JWK (JSON Web Key) URI.
            user-name-attribute: id  # Attribute for user's unique identifier in Microsoft.

          linkedin:
            authorization-uri: https://www.linkedin.com/oauth/v2/authorization  # LinkedIn authorization endpoint.
            token-uri: https://www.linkedin.com/oauth/v2/accessToken  # LinkedIn token endpoint.
            user-info-uri: https://api.linkedin.com/v2/me  # LinkedIn user info endpoint.
            user-name-attribute: id  # Attribute for user's unique identifier in LinkedIn.

          keycloak:
            authorization-uri: http://<ip:port>/auth/realms/<colab_realm_name>/protocol/openid-connect/auth  # Keycloak authorization endpoint.
            token-uri: http://<ip:port>/auth/realms/<colab_realm_name>/protocol/openid-connect/token  # Keycloak token endpoint.
            user-info-uri: http://<ip:port>/auth/realms/<colab_realm_name>/protocol/openid-connect/userinfo  # Keycloak user info endpoint.
            jwk-set-uri: http://<ip:port>/auth/realms/<colab_realm_name>/protocol/openid-connect/certs  # Keycloak JWK URI.
            user-name-attribute: sub  # Attribute for user's unique identifier in Keycloak.