errFmtLDAPAuthBackendUnauthenticatedBindWithPassword="authentication_backend: ldap: option 'permit_unauthenticated_bind' can't be enabled when a password is specified"
errFmtLDAPAuthBackendUnauthenticatedBindWithResetEnabled="authentication_backend: ldap: option 'permit_unauthenticated_bind' can't be enabled when password reset is enabled"
errFmtStoragePostgreSQLInvalidSSLAndTLSConfig="storage: postgres: can't define both 'tls' and 'ssl' configuration options"
warnFmtStoragePostgreSQLInvalidSSLDeprecated="storage: postgres: ssl: the ssl configuration options are deprecated and we recommend the tls options instead"
"configured to an unsafe value, it should be above 8 but it's configured to %d"
errFmtOIDCProviderPrivateKeysInvalid="identity_providers: oidc: issuer_private_keys: key #%d: option 'key' must be a valid private key but the provided data is malformed as it's missing the public key bits"
errFmtOIDCProviderPrivateKeysCalcThumbprint="identity_providers: oidc: issuer_private_keys: key #%d: option 'key' failed to calculate thumbprint to configure key id value: %w"
errFmtOIDCProviderPrivateKeysKeyIDLength="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option `key_id`` must be 7 characters or less"
errFmtOIDCProviderPrivateKeysAttributeNotUnique="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option '%s' must be unique"
errFmtOIDCProviderPrivateKeysKeyIDNotAlphaNumeric="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option 'key_id' must only have alphanumeric characters"
errFmtOIDCProviderPrivateKeysProperties="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option 'key' failed to get key properties: %w"
errFmtOIDCProviderPrivateKeysInvalidOptionOneOf="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option '%s' must be one of %s but it's configured as '%s'"
errFmtOIDCProviderPrivateKeysRSAKeyLessThan2048Bits="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option 'key' is an RSA %d bit private key but it must at minimum be a RSA 2048 bit private key"
errFmtOIDCProviderPrivateKeysKeyNotRSAOrECDSA="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option 'key' must be a RSA private key or ECDSA private key but it's type is %T"
errFmtOIDCProviderPrivateKeysKeyCertificateMismatch="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option 'certificate_chain' does not appear to contain the public key for the private key provided by option 'key'"
errFmtOIDCProviderPrivateKeysCertificateChainInvalid="identity_providers: oidc: issuer_private_keys: key #%d with key id '%s': option 'certificate_chain' produced an error during validation of the chain: %w"
errFmtOIDCProviderPrivateKeysNoRS256="identity_providers: oidc: issuer_private_keys: keys: must at least have one key supporting the '%s' algorithm but only has %s"
errFmtOIDCCORSInvalidOrigin="identity_providers: oidc: cors: option 'allowed_origins' contains an invalid value '%s' as it has a %s: origins must only be scheme, hostname, and an optional port"
errFmtOIDCCORSInvalidOriginWildcard="identity_providers: oidc: cors: option 'allowed_origins' contains the wildcard origin '*' with more than one origin but the wildcard origin must be defined by itself"
errFmtOIDCCORSInvalidOriginWildcardWithClients="identity_providers: oidc: cors: option 'allowed_origins' contains the wildcard origin '*' cannot be specified with option 'allowed_origins_from_client_redirect_uris' enabled"
errFmtOIDCClientsDuplicateID="identity_providers: oidc: clients: option 'id' must be unique for every client but one or more clients share the following 'id' values %s"
errFmtOIDCClientsWithEmptyID="identity_providers: oidc: clients: option 'id' is required but was absent on the clients in positions %s"
errFmtOIDCClientsDeprecated="identity_providers: oidc: clients: warnings for clients above indicate deprecated functionality and it's strongly suggested these issues are checked and fixed if they're legitimate issues or reported if they are not as in a future version these warnings will become errors"
errFmtOIDCClientInvalidSecret="identity_providers: oidc: clients: client '%s': option 'secret' is required"
errFmtOIDCClientInvalidSecretPlainText="identity_providers: oidc: clients: client '%s': option 'secret' is plaintext but for clients not using the 'token_endpoint_auth_method' of 'client_secret_jwt' it should be a hashed value as plaintext values are deprecated with the exception of 'client_secret_jwt' and will be removed when oidc becomes stable"
errFmtOIDCClientInvalidSecretNotPlainText="identity_providers: oidc: clients: client '%s': option 'secret' must be plaintext with option 'token_endpoint_auth_method' with a value of 'client_secret_jwt'"
errFmtOIDCClientPublicInvalidSecret="identity_providers: oidc: clients: client '%s': option 'secret' is "+
errFmtOIDCClientInvalidEntryDuplicates="identity_providers: oidc: clients: client '%s': option '%s' must have unique values but the values %s are duplicated"
"'token_endpoint_auth_method' must be one of %s when configured as the confidential client type unless it only includes implicit flow response types such as %s but it's configured as '%s'"
"'token_endpoint_auth_signing_alg' must be one of registered public key algorithm values %s when option 'token_endpoint_auth_method' is configured to '%s'"
"'grant_types' should only have grant type values which are valid with the configured 'response_types' for the client but '%s' expects a response type %s such as %s but the response types are %s"
errFmtOIDCClientPublicKeysBothURIAndValuesConfigured="identity_providers: oidc: clients: client '%s': public_keys: option 'uri' must not be defined at the same time as option 'values'"
errFmtOIDCClientPublicKeysURIInvalidScheme="identity_providers: oidc: clients: client '%s': public_keys: option 'uri' must have the 'https' scheme but the scheme is '%s'"
errFmtOIDCClientPublicKeysProperties="identity_providers: oidc: clients: client '%s': public_keys: values: key #%d with key id '%s': option 'key' failed to get key properties: %w"
errFmtOIDCClientPublicKeysInvalidOptionOneOf="identity_providers: oidc: clients: client '%s': public_keys: values: key #%d with key id '%s': option '%s' must be one of %s but it's configured as '%s'"
errFmtOIDCClientPublicKeysInvalidOptionMissingOneOf="identity_providers: oidc: clients: client '%s': public_keys: values: key #%d: option '%s' must be provided"
errFmtOIDCClientPublicKeysKeyMalformed="identity_providers: oidc: clients: client '%s': public_keys: values: key #%d: option 'key' option 'key' must be a valid private key but the provided data is malformed as it's missing the public key bits"
errFmtOIDCClientPublicKeysRSAKeyLessThan2048Bits="identity_providers: oidc: clients: client '%s': public_keys: values: key #%d with key id '%s': option 'key' is an RSA %d bit private key but it must at minimum be a RSA 2048 bit private key"
errFmtOIDCClientPublicKeysKeyNotRSAOrECDSA="identity_providers: oidc: clients: client '%s': public_keys: values: key #%d with key id '%s': option 'key' must be a RSA public key or ECDSA public key but it's type is %T"
errFmtOIDCClientPublicKeysCertificateChainKeyMismatch="identity_providers: oidc: clients: client '%s': public_keys: values: key #%d with key id '%s': option 'certificate_chain' does not appear to contain the public key for the public key provided by option 'key'"
errFmtOIDCClientPublicKeysCertificateChainInvalid="identity_providers: oidc: clients: client '%s': public_keys: values: key #%d with key id '%s': option 'certificate_chain' produced an error during validation of the chain: %w"
errFmtOIDCClientPublicKeysROSAMissingAlgorithm="identity_providers: oidc: clients: client '%s': option 'request_object_signing_alg' must be one of %s configured in the client option 'public_keys'"
errFmtAccessControlRuleInvalidEntries="access control: rule %s: option '%s' must only have the values %s but the values %s are present"
errFmtAccessControlRuleInvalidDuplicates="access control: rule %s: option '%s' must have unique values but the values %s are duplicated"
errFmtAccessControlRuleQueryInvalid="access control: rule %s: query: option 'operator' must be one of %s but it's configured as '%s'"
errFmtAccessControlRuleQueryInvalidNoValue="access control: rule %s: query: option '%s' is required but it's absent"
errFmtAccessControlRuleQueryInvalidNoValueOperator="access control: rule %s: query: option '%s' must be present when the option 'operator' is '%s' but it's absent"
errFmtAccessControlRuleQueryInvalidValue="access control: rule %s: query: option '%s' must not be present when the option 'operator' is '%s' but it's present"
errFmtAccessControlRuleQueryInvalidValueParse="access control: rule %s: query: option '%s' is "+
errFmtSessionRedisSentinelMissingName="session: redis: high_availability: option 'sentinel_name' is required"
errFmtSessionRedisSentinelNodeHostMissing="session: redis: high_availability: option 'nodes': option 'host' is required for each node but one or more nodes are missing this"
errFmtSessionDomainMustBeRoot="session: domain config %s: option 'domain' must be the domain you wish to protect not a wildcard domain but it's configured as '%s'"
errFmtSessionDomainSameSite="session: domain config %s: option 'same_site' must be one of %s but it's configured as '%s'"
errFmtSessionDomainRequired="session: domain config %s: option 'domain' is required"
errFmtSessionDomainHasPeriodPrefix="session: domain config %s: option 'domain' has a prefix of '.' which is not supported or intended behaviour: you can use this at your own risk but we recommend removing it"
errFmtSessionDomainDuplicate="session: domain config %s: option 'domain' is a duplicate value for another configured session domain"
errFmtSessionDomainDuplicateCookieScope="session: domain config %s: option 'domain' shares the same cookie domain scope as another configured session domain"
errFmtSessionDomainPortalURLInsecure="session: domain config %s: option 'authelia_url' does not have a secure scheme with a value of '%s'"
errFmtSessionDomainPortalURLNotInCookieScope="session: domain config %s: option 'authelia_url' does not share a cookie scope with domain '%s' with a value of '%s'"
errFmtSessionDomainInvalidDomain="session: domain config %s: option 'domain' is not a valid cookie domain"
errFmtSessionDomainInvalidDomainNoDots="session: domain config %s: option 'domain' is not a valid cookie domain: must have at least a single period"
errFmtSessionDomainInvalidDomainPublic="session: domain config %s: option 'domain' is not a valid cookie domain: the domain is part of the special public suffix list"
errFmtServerEndpointsAuthzStrategyDuplicate="server: endpoints: authz: %s: authn_strategies: duplicate strategy name detected with name '%s'"
errFmtServerEndpointsAuthzPrefixDuplicate="server: endpoints: authz: %s: endpoint starts with the same prefix as the '%s' endpoint with the '%s' implementation which accepts prefixes as part of its implementation"
errFmtServerEndpointsAuthzLegacyInvalidImplementation="server: endpoints: authz: %s: option 'implementation' is invalid: the endpoint with the name 'legacy' must use the 'Legacy' implementation"
errFmtPasswordPolicyStandardMinLengthNotGreaterThanZero="password_policy: standard: option 'min_length' must be greater than 0 but it's configured as %d"