# LastID SDK Configuration Example
#
# Copy this file to `lastid.toml` in your project root and customize as needed.
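# Any setting can take its value from an environment variable using ${VAR_NAME} syntax
# (examples and the supported LASTID_* override variables are listed at the end of this file).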
#
# Configuration precedence (highest to lowest):
# 1. Environment variables
# 2. Explicit config via builder
# 3. Discovered TOML files (./lastid.toml, ~/.config/lastid/config.toml, /etc/lastid/config.toml)
# 4. Default values
# =============================================================================
# Required Settings
# =============================================================================
# IDP endpoint URL (required)
# Must use HTTPS in production. HTTP allowed only for localhost development.
# The trust registry endpoint defaults to a path under this URL, so this value
# decides which service the SDK trusts for both authentication and registry data.
# NOTE(review): the value can also be supplied by LASTID_ENDPOINT or by any of the
# discovered config files listed at the top of this file; restrict write access
# to those files and to the process environment accordingly.
idp_endpoint = "https://human.lastid.co"
# OAuth client ID for authentication (required for authenticated requests)
# "your-client-id" is a placeholder and must be replaced with the ID issued for
# your application. A client ID is an identifier, not a secret; no secret field
# appears in this file, so keep any credential out of it.
client_id = "your-client-id"
# =============================================================================
# Optional Settings
# =============================================================================
# Trust registry endpoint (defaults to {idp_endpoint}/v1/trust-registry)
# Leave unset unless the registry is hosted separately from the IDP.
# NOTE(review): the HTTPS requirement is stated only for idp_endpoint; confirm
# the SDK enforces it for this URL too before pointing it at another host.
# trust_registry_endpoint = "https://human.lastid.co/v1/trust-registry"
# Public base URL for generating callback URLs
# Set this to the exact origin your application is served from; callback URLs
# are built from it, so a wrong value directs callbacks to a different host.
# public_base_url = "https://your-app.com"
# HTTP request timeout in seconds (default: 30)
# NOTE(review): [network] also defines request_timeout_seconds; which of the
# two takes effect is not stated in this file (TODO confirm).
timeout_seconds = 30
# Clock skew tolerance in seconds for credential timestamp validation (default: 60)
# Allows for clock drift between client and server when validating exp/nbf claims
# A larger tolerance lengthens the period in which a credential past its exp
# (or before its nbf) still validates; keep it as small as your clock
# synchronisation allows.
clock_skew_seconds = 60
# =============================================================================
# Polling Configuration
# =============================================================================
# Controls how the SDK polls for credential request completion
# All four values below match the documented defaults.
[polling]
# Initial polling interval in milliseconds (default: 2000)
initial_interval_ms = 2000
# Maximum polling interval in milliseconds (default: 30000)
# Presumably the ceiling the growing interval is clamped to (TODO confirm).
max_interval_ms = 30000
# Backoff multiplier for exponential backoff (default: 1.5, minimum: 1.0)
# Presumably each interval is the previous one times this factor, i.e.
# 2000 ms, 3000 ms, 4500 ms, ... with these values (TODO confirm).
backoff_multiplier = 1.5
# Maximum polling duration in seconds (default: 300 = 5 minutes)
# Client-side bound on how long a pending credential request is polled.
# NOTE(review): whether the server expires the request on its own schedule is
# not shown here.
max_duration_seconds = 300
# =============================================================================
# Retry Policy
# =============================================================================
# Controls retry behavior for transient HTTP failures
# NOTE(review): this file does not say which errors count as transient; confirm
# that authentication and authorization failures (e.g. 401/403) are not retried,
# so rejected requests are not repeated against the IDP.
[retry]
# Maximum retry attempts (default: 3)
max_attempts = 3
# Initial retry delay in milliseconds (default: 1000)
initial_delay_ms = 1000
# Maximum retry delay in milliseconds (default: 30000)
max_delay_ms = 30000
# Exponential backoff base (default: 2.0, minimum: 1.0)
# Presumably delays grow 1000 ms, 2000 ms, 4000 ms with these values (TODO
# confirm); a base of 1.0 would retry at a constant delay.
backoff_base = 2.0
# =============================================================================
# Trust Registry Cache
# =============================================================================
# Controls caching of trust registry lookups
# Cached answers are reused for trust decisions, so the TTL below is the
# longest a registry change (for example an entry being removed) can go
# unnoticed by this client. Presumably entries are not invalidated earlier (TODO
# confirm).
[cache]
# Enable caching (default: true)
enabled = true
# Cache TTL in seconds (default: 60, maximum: 3600)
# Raising this trades registry load for slower pickup of registry changes.
ttl_seconds = 60
# Maximum cache entries (default: 1000)
max_entries = 1000
# =============================================================================
# Network Configuration (Enterprise)
# =============================================================================
# Controls HTTP client behavior for corporate network environments
[network]
# HTTP proxy URL for corporate networks (optional)
# If the proxy needs credentials, supply the URL through ${VAR_NAME}
# substitution rather than writing user:password into this file.
# proxy_url = "http://proxy.corp.example.com:8080"
# HTTPS proxy URL if different from HTTP proxy (optional)
# NOTE(review): if this proxy intercepts TLS, how the SDK is told to trust its
# CA is not covered by this file; do not work around it by disabling
# certificate checks.
# https_proxy_url = "http://secure-proxy.corp.example.com:8080"
# Hostnames to bypass proxy (comma-separated)
# Traffic to these hosts leaves without passing the proxy, so keep the list to
# hosts that are meant to be reached directly.
# no_proxy = "localhost,127.0.0.1,.internal.corp"
# TCP connection timeout in seconds (default: 10)
connect_timeout_seconds = 10
# HTTP response read timeout in seconds (default: 30)
read_timeout_seconds = 30
# Overall request timeout in seconds (default: 30)
# NOTE(review): the top-level timeout_seconds setting is also an HTTP request
# timeout; how the two interact is not stated in this file (TODO confirm).
request_timeout_seconds = 30
# Connection pool idle timeout in seconds (default: 30)
pool_idle_timeout_seconds = 30
# Maximum idle connections per host (default: 5)
pool_max_idle_per_host = 5
# Custom header name for correlation IDs (default: "X-Request-ID")
# Change this only to match the header your proxies and log pipeline already
# record, so client and server log entries can be joined during an investigation.
correlation_id_header = "X-Request-ID"
# Enable correlation ID generation (default: true)
enable_correlation_ids = true
# =============================================================================
# WebSocket Configuration (requires "websocket" feature)
# =============================================================================
# Controls real-time status updates via WebSocket
# [websocket]
# # Enable WebSocket for real-time updates (default: true)
# enabled = true
#
# # WebSocket connection timeout in seconds (default: 10)
# connect_timeout_seconds = 10
#
# # WebSocket receive timeout in seconds (default: 300)
# receive_timeout_seconds = 300
#
# # Automatic reconnection attempts (default: 3)
# reconnect_attempts = 3
#
# # Reconnection delay in milliseconds (default: 1000)
# reconnect_delay_ms = 1000
# =============================================================================
# Environment Variable Examples
# =============================================================================
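# You can use environment variables with ${VAR_NAME} syntax. The examples below
# write the placeholder as a quoted string, including for the numeric
# timeout_seconds setting: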
#
# idp_endpoint = "${LASTID_ENDPOINT}"
# client_id = "${LASTID_CLIENT_ID}"
# timeout_seconds = "${LASTID_TIMEOUT}"
#
# Supported environment variables (override TOML values):
# LASTID_ENDPOINT - IDP endpoint URL
# LASTID_CLIENT_ID - OAuth client ID
# LASTID_TRUST_REGISTRY - Trust registry endpoint
# LASTID_TIMEOUT - HTTP timeout in seconds
# LASTID_POLLING_TIMEOUT - Max polling duration in seconds
# LASTID_CACHE_TTL - Cache TTL in seconds