| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- <?php
- return [
- /*
- |--------------------------------------------------------------------------
- | Redirect Domains
- |--------------------------------------------------------------------------
- |
- | These domains are the domains that OAuth clients are permitted to use
- | for redirect URIs. Each domain should be specified with its scheme
- | and host. Domains not in this list will raise validation errors.
- |
- | An "*" may be used to allow all domains.
- |
- */
- 'redirect_domains' => [
- '*',
- // 'https://example.com',
- // 'http://localhost',
- ],
- /*
- |--------------------------------------------------------------------------
- | Allowed Custom Schemes
- |--------------------------------------------------------------------------
- |
- | Native desktop OAuth clients like Cursor and VS Code use private-use URI
- | schemes (RFC 8252) for redirect callbacks instead of standard schemes
- | like HTTPS. Here, you may list which custom schemes you will allow.
- |
- */
- 'custom_schemes' => [
- // 'claude',
- // 'cursor',
- // 'vscode',
- ],
- /*
- |--------------------------------------------------------------------------
- | Authorization Server
- |--------------------------------------------------------------------------
- |
- | Here you may configure the OAuth authorization server issuer identifier
- | per RFC 8414. This value appears in your protected resource and auth
- | server metadata endpoints. When null, this defaults to `url('/')`.
- |
- */
- 'authorization_server' => null,
- ];
|
