jwt-verify 0.1.0

JWT verification library for AWS Cognito tokens and any OIDC-compatible IDP
# AWS Cognito Configuration
# Every value in this block is a placeholder; replace it with the identifiers of
# your own user pool before running anything that reads this file.
# Region the first user pool lives in.
AWS_REGION=us-east-1
# User pool ID; the sample value starts with the same region string as AWS_REGION.
COGNITO_USER_POOL_ID=us-east-1_example
# Two app clients of the same pool (the second placeholder says "same-pool").
# Presumably the second one lets a verifier accept more than one client ID or
# supplies the "wrong client" case in negative tests; confirm against the examples.
COGNITO_CLIENT_ID=your-first-client-id
COGNITO_CLIENT_ID_2=your-second-client-id-same-pool

# For multi-pool examples (optional)
# A second pool in another region, with one app client that belongs to it.
AWS_REGION_2=us-west-2
COGNITO_USER_POOL_ID_2=us-west-2_example2
COGNITO_CLIENT_ID_3=your-client-id-different-pool

# JWT tokens for testing (get these from your Cognito app)
# You can get these by authenticating a user in your Cognito app.
# The values below are truncated placeholders: the base64url JWT header
# {"alg":"RS256","typ":"JWT"} followed by "...". Paste complete tokens instead.
# An unexpired ID or access token is a bearer credential. Keep the filled-in copy
# of this file out of version control and take the tokens from a dedicated test
# user, not from a real account.
COGNITO_ID_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
COGNITO_ACCESS_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

# Optional: For negative test cases
# Token from a different client ID (for testing client ID validation)
# NOTE(review): the access-token key below is spelled "ACESS" (one C), while the
# main key above uses "ACCESS". Confirm which spelling the examples read before
# renaming; a mismatched name would leave the variable unset.
COGNITO_ID_TOKEN_CLIENT2=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
COGNITO_ACESS_TOKEN_CLIENT2=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

# Token from a different user pool ID (for testing user pool ID validation)
# NOTE(review): same "ACESS" spelling as in the CLIENT2 key above.
COGNITO_ID_TOKEN_CLIENT3=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
COGNITO_ACESS_TOKEN_CLIENT3=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

# Expired tokens (for testing expiration validation)
# An expired token can no longer authenticate, but its payload is only
# base64url-encoded and may still carry user claims, so treat it as test data to
# protect rather than as something safe to publish.
# NOTE(review): these two keys have no COGNITO_ prefix, unlike the other token
# keys in this block; confirm the names against the examples that read them.
EXPIRED_ID_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
EXPIRED_ACCESS_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

# OIDC Provider Configuration
# To use AWS Cognito as the OIDC provider, fill the keys in with these patterns:
#   OIDC_ISSUER=https://cognito-idp.{AWS_REGION}.amazonaws.com/{COGNITO_USER_POOL_ID}
#   OIDC_JWKS_URL=https://cognito-idp.{AWS_REGION}.amazonaws.com/{COGNITO_USER_POOL_ID}/.well-known/jwks.json
#   OIDC_CLIENT_ID={same as COGNITO_CLIENT_ID}
#   OIDC_ID_TOKEN={same as COGNITO_ID_TOKEN}
#   OIDC_ACCESS_TOKEN={same as COGNITO_ACCESS_TOKEN}
# The issuer is presumably compared with the token's "iss" claim, so scheme, host
# and any trailing slash should be exactly what the provider puts in its tokens.
OIDC_ISSUER=https://accounts.example.com
# Location of the provider's signing keys. Keep it on https:// and on the
# provider's own host: the keys fetched from here decide which token signatures
# are accepted.
OIDC_JWKS_URL=https://accounts.example.com/.well-known/jwks.json
# Two clients registered with the same provider (per the second placeholder).
OIDC_CLIENT_ID=your-oidc-client-id
OIDC_CLIENT_ID_2=your-second-oidc-client-id-same-provider

# JWT tokens for testing (get these from your OIDC provider)
# The values below are truncated placeholders: the base64url JWT header
# {"alg":"RS256","typ":"JWT"} followed by "...". Paste complete tokens instead.
# An unexpired token is a bearer credential. Keep the filled-in copy of this file
# out of version control and use a test identity to obtain the tokens.
OIDC_ID_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
OIDC_ACCESS_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

# Optional: For negative test cases
# Token from a different client ID (for testing client ID validation)
OIDC_ID_TOKEN_CLIENT2=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
OIDC_ACCESS_TOKEN_CLIENT2=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

# For multi-provider examples (optional)
# A second, independent provider with its own issuer, JWKS endpoint and client.
OIDC_ISSUER_2=https://accounts.example2.com
OIDC_JWKS_URL_2=https://accounts.example2.com/.well-known/jwks.json
OIDC_CLIENT_ID_3=your-client-id-different-provider

# Token from a different provider (for testing issuer validation)
# Presumably issued by the second provider above, so that verification against
# the first provider's issuer is expected to reject it; confirm in the tests.
OIDC_ID_TOKEN_CLIENT3=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
OIDC_ACCESS_TOKEN_CLIENT3=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

# Expired tokens (for testing expiration validation)
# An expired token can no longer authenticate, but its payload is only
# base64url-encoded and may still carry user claims; handle it as test data to
# protect.
OIDC_EXPIRED_ID_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
OIDC_EXPIRED_ACCESS_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

# Server configuration (if needed)
# Presumably the TCP port an example server listens on; nothing in this file
# shows which example reads it, so confirm before relying on it.
PORT=3000