bw-copilot-resources/resources/skills/discord-oauth-vue3-vite/references/env-vars.md

Environment Variables

Set these in the target app or in the app's local env files.

• AUTH_PORT - auth service port, default 8787
• NODE_ENV - enables stricter secret checks outside development
• JWT_SECRET - signing secret for access tokens
• ACCESS_TOKEN_TTL - access token lifetime, default 15m
• REFRESH_TOKEN_TTL_DAYS - refresh session lifetime, default 30
• COOKIE_NAME - refresh token cookie name, default gopvp_refresh
• COOKIE_SECURE - set to true for HTTPS deployments
• COOKIE_SAME_SITE - cookie same-site mode, default lax
• AUTH_CLIENTS_FILE - optional path to a JSON client map
• AUTH_CLIENTS_JSON - optional inline JSON client map
• FRONTEND_ORIGIN - legacy single-origin fallback
• DISCORD_CLIENT_ID - legacy single-origin fallback
• DISCORD_CLIENT_SECRET - legacy single-origin fallback
• DISCORD_SCOPES - legacy single-origin fallback, default identify,email
• ALLOWLIST_DISCORD_IDS - legacy single-origin fallback, comma-separated Discord user IDs
• DEFAULT_FEATURE_KEYS - feature flags granted to allowlisted users

Keep secrets out of committed files and copy them into local environment files instead.