# OAuth 2.1 Configuration Example
# Copy this to .env and update with your Google OAuth credentials
# Required: Google OAuth 2.0 Client Credentials
# Note: OAuth 2.1 will automatically use GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET
# if OAUTH2_CLIENT_ID and OAUTH2_CLIENT_SECRET are not set
GOOGLE_OAUTH_CLIENT_ID="your-google-client-id"
GOOGLE_OAUTH_CLIENT_SECRET="your-google-client-secret"
# Development Settings (set to true for localhost testing)
OAUTH2_ALLOW_INSECURE_TRANSPORT=false
OAUTH2_ENABLE_DEBUG=false
# Legacy Compatibility (recommended during migration)
OAUTH2_ENABLE_LEGACY_AUTH=true
# ---------------------------------------------------------------------------
# FastMCP OAuth Proxy Storage Backends (OAuth 2.1)
#
# Storage backend for OAuth proxy state. Options: memory, disk, valkey
# Default: FastMCP's built-in default (disk on Mac/Windows, memory on Linux)
#
# WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=memory|disk|valkey
#
# ---------------------------------------------------------------------------
# Memory Storage (default on Linux)
# - Fast, no persistence, data lost on restart
# - Best for: development, testing, stateless deployments
#
# WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=memory
#
# ---------------------------------------------------------------------------
# Disk Storage (default on Mac/Windows)
# - Persists across restarts, single-server only
# - Best for: single-server production, persistent caching
#
# WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=disk
# WORKSPACE_MCP_OAUTH_PROXY_DISK_DIRECTORY=~/.fastmcp/oauth-proxy
#
# ---------------------------------------------------------------------------
# Valkey/Redis Storage
# - Distributed, multi-server support
# - Best for: production, multi-server deployments, cloud native
#
# WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=valkey
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_HOST=localhost
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_PORT=6379
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_USE_TLS=false
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_DB=0
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_USERNAME=
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_PASSWORD=
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_REQUEST_TIMEOUT_MS=5000
# WORKSPACE_MCP_OAUTH_PROXY_VALKEY_CONNECTION_TIMEOUT_MS=10000
#
# ---------------------------------------------------------------------------
# Encryption:
# - Disk and Valkey storage are encrypted with Fernet.
# - Key derived from FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY if set,
# otherwise from GOOGLE_OAUTH_CLIENT_SECRET.
# - For stable decryption across client-secret rotations, set
# FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY explicitly.
