# ansible/roles/services/templates/paperless_django_settings.j2
import os

PAPERLESS_ENABLE_OIDC = True
OIDC_RP_CLIENT_ID = "{{ paperless_oidc_client_id }}"
OIDC_RP_CLIENT_SECRET = os.getenv('PAPERLESS_CLIENT_SECRET')
OIDC_RP_SIGN_ALGO = "RS256"
OIDC_VERIFY_SSL = False

OIDC_OP_AUTHORIZATION_ENDPOINT = "https://{{ keycloak_host }}/realms/{{ keycloak_realm }}/protocol/openid-connect/auth"
OIDC_OP_TOKEN_ENDPOINT = "https://{{ keycloak_host }}/realms/{{ keycloak_realm }}/protocol/openid-connect/token"
OIDC_OP_USER_ENDPOINT = "https://{{ keycloak_host }}/realms/{{ keycloak_realm }}/protocol/openid-connect/userinfo"
OIDC_OP_JWKS_ENDPOINT = "https://{{ keycloak_host }}/realms/{{ keycloak_realm }}/protocol/openid-connect/certs"

OIDC_RP_SCOPES = "openid profile email"

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {
            'class': 'logging.StreamHandler',
        },
    },
    'root': {
        'handlers': ['console'],
        'level': 'DEBUG',
    },
    'loggers': {
        'mozilla_django_oidc': {
            'handlers': ['console'],
            'level': 'DEBUG'
        },
    }
}