BastionSSO/config/oauth.php

<?php

return [
    'issuer' => env('OAUTH_ISSUER', rtrim((string) env('APP_URL', 'http://localhost'), '/')),
    'frontend_login_url' => env('OAUTH_FRONTEND_LOGIN_URL', rtrim((string) env('APP_URL', 'http://localhost'), '/').'/#/login'),
    'frontend_consent_url' => env('OAUTH_FRONTEND_CONSENT_URL', rtrim((string) env('APP_URL', 'http://localhost'), '/').'/#/oauth-consent'),

    'key_id' => env('OAUTH_KEY_ID', ''),
    'private_key_path' => env('OAUTH_PRIVATE_KEY_PATH', storage_path('oauth/private.pem')),
    'public_key_path' => env('OAUTH_PUBLIC_KEY_PATH', storage_path('oauth/public.pem')),
    'openssl_config_path' => env('OAUTH_OPENSSL_CONFIG_PATH', ''),
    'auto_generate_keys' => (bool) env('OAUTH_AUTO_GENERATE_KEYS', true),

    'authorization_code_ttl_seconds' => (int) env('OAUTH_AUTHORIZATION_CODE_TTL_SECONDS', 300),
    'access_token_ttl_seconds' => (int) env('OAUTH_ACCESS_TOKEN_TTL_SECONDS', 3600),
    'refresh_token_ttl_seconds' => (int) env('OAUTH_REFRESH_TOKEN_TTL_SECONDS', 1209600),

    'redirect_uri_policy' => env('OAUTH_REDIRECT_URI_POLICY', 'same_domain'),
    'default_scopes' => ['openid', 'profile', 'email', 'phone'],
    'userinfo_fields' => ['sub', 'nickname', 'email', 'phone'],
];