swsrs

Appearance

Configuration

All options accept either env vars or flags. Flags override env.

Env / FlagDefaultDescription
SWSRS_ADDR / --addr:8080Listen address
SWSRS_OIDC_ISSUER / --oidc-issuer(required unless --no-auth)OIDC issuer URL (autodiscovery)
SWSRS_OIDC_AUDIENCE / --oidc-audienceExpected aud claim (your IdP client_id). Empty disables audience check — strongly discouraged in production.
SWSRS_OIDC_CLIENT_ID / --oidc-client-idShared OAuth client_id surfaced via /.well-known/swsrs-config (clients use this with device flow)
SWSRS_SESSION_TTL / --session-ttl1hMaximum session lifetime
SWSRS_PEER_WAIT / --peer-wait2mHow long a peer waits for its counterpart
SWSRS_REAP_INTERVAL / --reap-interval30sExpired-session sweep cadence
SWSRS_PUBLIC_BASE_URL / --public-base-urlPublic ws(s) URL embedded in admin responses
SWSRS_ALLOWED_ORIGINSComma-separated host patterns allowed as Origin for both WebSocket upgrades and HTTP/CORS on /admin/* and /.well-known/*. Glob hosts supported (app.example.com, *.example.com, localhost:*). Empty = same-origin only.
SWSRS_TLS_CERT / --tls-certPEM cert; with --tls-key enables in-process TLS
SWSRS_TLS_KEY / --tls-keyPEM key
SWSRS_NO_AUTH / --no-authfalseDev only — disable OIDC verification on the admin API

OIDC scopes

The admin API enforces these scopes per route:

Method & PathRequired scope
POST /admin/sessionsswsrs:session:create
GET /admin/sessionsswsrs:session:read
GET /admin/sessions/{id}swsrs:session:read
DELETE /admin/sessions/{id}swsrs:session:delete

A typical client app needs only swsrs:session:create. See Authentication for the model.

Endpoints

PathAuthNotes
GET /.well-known/swsrs-confignone (public)404s when --no-auth
GET /healthznone (public)200 ok
POST /admin/sessionsOIDC + swsrs:session:create201 + session JSON
GET /admin/sessionsOIDC + swsrs:session:read200 + { sessions: [...] }
GET /admin/sessions/{id}OIDC + swsrs:session:read200 or 404
DELETE /admin/sessions/{id}OIDC + swsrs:session:delete204 or 404
GET /relay/{id} (WS upgrade)opaque per-slot token101 or 401/404

Released under the MIT License.

© 2026 Michał Jaskólski