(auth) {
   order authenticate before respond
   order authorize before reverse_proxy
   security {
           oauth identity provider google {
                   realm google
                   driver google
                   client_id {$OAUTH_CLIENT_ID}
                   client_secret {$OAUTH_CLIENT_SECRET}
                   scopes openid email profile
           }
           authentication portal myportal {
                   enable identity provider google
                   cookie domain veenboer.xyz
                   ui {
                           links {
                                   "My Identity" "/whoami" icon "las la-user"
                           }
                   }

                   transform user {
                           match realm google
                           action add role authp/user
                   }

                   transform user {
                           match realm google

                           # Give this account admin role in the auth portal
                           match email rik.veenboer@gmail.com
                           action add role authp/admin
                   }
           }
           authorization policy mypolicy {
                   set auth url https://auth.rik.veenboer.xyz/oauth2/google
                   allow roles authp/admin authp/user
                   validate bearer header
                   inject headers with claims
           }
   }

 }