jortt-mcp/.env.example

37 lines
1.4 KiB
Text
Raw Permalink Normal View History

# Copy to .env and fill in credentials from your registered Jortt API application:
# https://app.jortt.nl/new_profile/api/jortt/oauth_applications/list
# Every secret below can alternatively be read from a file via <NAME>_FILE,
# e.g. JORTT_CLIENT_SECRET_FILE=/run/agenix/jortt-client-secret
JORTT_CLIENT_ID=
JORTT_CLIENT_SECRET=
# Optional: space-separated scopes to request (defaults to all registered scopes)
# JORTT_SCOPES=invoices:read customers:read reports:read
# Optional: expose only GET (list/get) tools
# JORTT_READ_ONLY=1
# --- HTTP transport (default is stdio) ---
# MCP_TRANSPORT=http
# MCP_HOST=127.0.0.1
# MCP_PORT=3910
# Authentication for incoming MCP requests: "token" or "oidc" (required for http)
# MCP_AUTH_MODE=token
# MCP_AUTH_TOKEN= # generate with: openssl rand -hex 32
# OIDC resource-server mode (auth by an external OAuth provider / proxy):
# MCP_AUTH_MODE=oidc
# MCP_OIDC_ISSUER=https://auth.example.com
# MCP_RESOURCE_URL=https://jortt-mcp.example.com/mcp
# MCP_OIDC_AUDIENCE= # defaults to MCP_RESOURCE_URL
# MCP_OIDC_ALLOWED_SUBJECTS=kate,kate@example.com
# For issuers with opaque tokens (e.g. Authelia), use RFC 7662 introspection:
# MCP_OIDC_INTROSPECTION_URL= # discovered from the issuer when omitted
# MCP_OIDC_CLIENT_ID=
# MCP_OIDC_CLIENT_SECRET=
# DNS-rebinding protection: exact Host / Origin header allowlists
# MCP_ALLOWED_HOSTS=jortt-mcp.example.com
# MCP_ALLOWED_ORIGINS=