Configuration
The Core system utilizes config.yaml for specifying the configuration.
The Config component extends the Resource Distributor functionality by maintaining tenant configurations in memory.
The base tenant configuration is derived from config.yaml, while individual tenants can implement custom configurations that inherit from the base tenant's settings.
The CoreConfig class defines the system's configurable parameters. Properties are annotated with @JsonProperty for serialization, while @ConfigDescription provides documentation for each property.
Within the Multitenancy context, the following annotations govern configuration behavior:
| Annotation | Significance |
|---|---|
@ConfigYamlOnly |
Properties with this annotation are restricted to config.yaml configuration only. These settings are enforced globally across all apps and tenants. |
@NotConflictingInApp |
Properties with this annotation allow app-level customization while maintaining consistency across all tenants within the same app. |
| None of the above | Properties without these annotations support individual tenant-level customization. |
The Config class ensures the above rules and validates the config for each of the tenant. Core will not allow creation of tenant with any contradicting values based on the annotated rules explained above.
Configuration Inheritance
The base tenant configuration is sourced from the config.yaml file. Subsequent apps and tenants inherit this base configuration and can apply their own customizations as an overlay.
For instance, consider the following base configuration in config.yaml:
access_token_validity: 3600
refresh_token_validity: 360000
And, a tenant has the following configuration set:
access_token_validity: 1800
The effective configuration of the tenant would be:
access_token_validity: 1800
refresh_token_validity: 360000
Config Storage
The Storage Layer of the base tenant manages the persistence of configurations for all apps and tenants within the core system. A dedicated Cron Task, SyncCoreConfigWithDb, periodically synchronizes configurations from the database to the in-memory tenant instances. This synchronization mechanism ensures consistency across multiple core instances that share the same database, enabling real-time propagation of configuration changes across the distributed system.
Protected Configs
The CoreConfig class maintains a list of PROTECTED_CONFIGS that enforces restricted access in SaaS environments. These configurations are inaccessible for both reading and modification through standard api_keys. Access is exclusively granted through the supertokens_saas_secret API key, ensuring that only the SaaS system can manage these settings while preventing end-user modification. This protection mechanism primarily applies to sensitive configurations, including database connection parameters and other critical system settings.