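# SecondStep initializer template. Settings shown commented out are the
# library defaults; the uncommented ones are required and must be supplied.
# Layout restored to one setting per line: in the collapsed form every
# required setting sat behind a `#` and was therefore never evaluated.
SecondStep.config do
  # SecondStep URI
  #   The path to the root of SecondStep.
  #
  # secondstep_uri 'https://getsecondstep.com/'

  # SecondStep JWT Audience
  #   The `aud` claim for JWT.
  #
  # secondstep_aud "SecondStep Authentication - Env: production - Host: https://getsecondstep.com - Tech Edge Advisors, LLC."

  # Api Path
  #   The path from secondstep_uri to the API root (penne12/path-builder
  #   syntax).
  #
  # api_path path.api(version)

  # Version
  #   The API version.
  #
  # version 'v1'

  # Application ID (required)
  #   The application ID provided by SecondStep. This is separate from the
  #   OAuth client id.
  #
  application_id ENV['SECONDSTEP_APPLICATION_ID']

  # OAuth 2
  #   - Redirect URI
  #     The URI to redirect to when getting an OAuth2 authorization_code.
  #     Use "urn:ietf:wg:oauth:2.0:oob" to show the user the code and ask
  #     them to enter it into your app. Most applications don't use this.
  #
  # redirect_uri "urn:ietf:wg:oauth:2.0:oob"

  #   - Client Credentials (required)
  #     Client credentials required for use of the API. It's recommended to
  #     store them in environment variables to prevent accidental leakage.
  #
  #     NOTE(review): ENV[...] yields nil when the variable is unset, so a
  #     missing credential is not caught on this line. Use ENV.fetch if a
  #     missing value should stop boot instead of surfacing on first use.
  #
  client_id     ENV['SECONDSTEP_CLIENT_ID']
  client_secret ENV['SECONDSTEP_CLIENT_SECRET']

  # RSA Key (required)
  #   An `OpenSSL::PKey::RSA` public/private RSA key pair. You should store
  #   the key with a passphrase and hidden from version control (with
  #   .gitignore). You must link this with SecondStep when changed. You can
  #   use this Rake task to do so:
  #
  #     $ rake second_step:link_key
  #
  #   The key is read from `private.pem` in the Rails root when this file is
  #   evaluated. Keep that file readable only by the account running the
  #   app. If the passphrase variable is unset, nil is passed; for an
  #   encrypted key OpenSSL may then prompt on the terminal or raise.
  #
  rsa_key OpenSSL::PKey::RSA.new File.read(Rails.root.join('private.pem')),
                                 ENV['SECONDSTEP_RSA_PASSPHRASE']

  # Word List (required for token phrase generator)
  #   A path to a line-separated word list for generating token phrases.
  #   Unix has a standard word list, normally located at
  #   /usr/share/dict/words or /usr/dict/words. You might want to set this
  #   as an ENV variable on your computer.
  #
  #   If the word list is too short, you may encounter a
  #   SecondStep::NotEnoughEntropyForPhraseError. Either increase the phrase
  #   generator's length, replace this file with something bigger, or add
  #   more delimiters.
  #
  # word_list_path '/usr/share/dict/words'

  # Phrase Length for Phrase Generator
  #   The number of words to generate when creating a phrase. Lowering this
  #   shrinks the number of possible phrases exponentially, while raising it
  #   grows that number exponentially. More words will take longer to
  #   generate and will be harder to type. This number was chosen as most
  #   humans can hold about 7±2 objects in their working memory
  #   (Miller, http://psychclassics.yorku.ca/Miller/).
  #
  #   If you encounter a SecondStep::NotEnoughEntropyForPhraseError, you
  #   should raise this value.
  #
  # phrase_generator_length 5

  # Minimum Entropy for Phrase Generator
  #   The minimum amount of entropy that should be required to use the
  #   phrase generator. Raises a SecondStep::NotEnoughEntropyForPhraseError
  #   if there are not enough words in the word list to give the generator
  #   enough entropy.
  #
  #   Changing this to a lower value will make phrases generated by the
  #   phrase generator exponentially less secure. Changing it to a higher
  #   value may break compatibility with other operating systems.
  #
  #   If you encounter a SecondStep::NotEnoughEntropyForPhraseError, it's
  #   much safer to raise `phrase_generator_length` instead of lowering this
  #   value.
  #
  # phrase_generator_min_entropy 92 # bits

  # Phrase Delimiters
  #   An array of characters to separate words in phrases. Chosen randomly
  #   for each phrase.
  #
  # phrase_delimiters %{., -:_+}.split ''

  # QR Token length
  #   The length of the random string to generate to use as the token when
  #   encoded into a QR code.
  #
  # token_qr_length 64

  # JWT Leeway
  #   An amount (in seconds) of leeway to add when verifying claims.
  #   See https://github.com/jwt/ruby-jwt#expiration-time-claim
  #
  #   Any value above 0 also extends how long an expired token is still
  #   accepted, so keep it no larger than your real clock skew.
  #
  # jwt_leeway 0 # seconds

  # JWT HMAC Algorithm
  #   The JWT algorithm to use for HMAC tokens. You really shouldn't change
  #   this.
  #
  # jwt_hmac_algorithm 'HS512'

  # JWT RSA Algorithm
  #   The JWT algorithm to use for RSA tokens. You really shouldn't change
  #   this.
  #
  # jwt_rsa_algorithm 'RS512'

  # orm (required)
  #   The ORM to use with SecondStep. Only :none, :memory and :active_record
  #   are supported by default.
  #
  #   active_record:
  #     Store data in ActiveRecord. If you haven't created the migration to
  #     use this adapter, create it by running:
  #
  #       $ rails g second_step:migration
  #
  #   memory:
  #     Store data in memory. This is not recommended as a restart of your
  #     server will force you to re-link all of your users.
  #
  #   none:
  #     Don't use any ORM-specific code. SecondStep will not work.
  #
  # `<%= orm %>` is filled in when this template is rendered.
  orm_adapter <%= orm %>
end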