Configuration

Required Environment Variables

Variable	Description
`ACCESS_CONTROL_DATABASE_URL`	Access Control DB (used by `AccessControlDataModule`)
`AUTH_ISS`	JWT issuer (e.g. `https://idp.uat.digiwedge.com`)
`AUTH_AUD`	Default audience for issued tokens (service-specific)
`JWT_SECRET`	HMAC secret for HS256 when applicable
`PORT`	Default `3101`
`LOCAL_HOST`	Dev host for Swagger
`IDP_CORS_ALLOWED_ORIGINS`	CSV of allowed SPA origins (or `CORS_ALLOWED_ORIGINS`)

Variable	Description
`CALLBACK_URL`	Base redirect URL; specific providers can override
`GOOGLE_CALLBACK_URL`	Full Google redirect URL
`FACEBOOK_CALLBACK_URL`	Full Facebook redirect URL
`GOOGLE_SCOPES_EXTRA`	Optional extras
`FACEBOOK_SCOPES_EXTRA`	Optional extras
`SENDGRID_API_ID`, `SENDGRID_API_KEY`	For email notifications
`TWILIO_ACCOUNT_SID`, `TWILIO_AUTH_TOKEN`, `TWILIO_VERIFY_SERVICE_SID`	For SMS MFA
`WHATSAPP_TOKEN`	For WhatsApp MFA (preferred)

Variable	Description
`CI_OFFLINE=true`	Disable live HTTP pings in provider checks
`BULL_PREFIX`	Queue prefix
`NOTIFICATION_QUEUE_NAME`	Queue name for notifications