diff --git a/.env.example b/.env.example
index 4f59454..515816c 100644
--- a/.env.example
+++ b/.env.example
@@ -313,6 +313,25 @@ IDP_DOMAIN=
 IDP_ISSUER_URL=
 # Url of the account edit page from your Identity Provider.
 IDP_ACCOUNT_URL=
+# Global Client ID, you can overwrite it by defining a client specific client id
+OC_OIDC_CLIENT_ID="{{ item.oc_oidc_client_id }}"
+# Declares which property should be used for the oidc claim
+PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM="roles"
+# claim_role to opencloud mapping
+OC_OIDC_CLIENT_SCOPES="openid profile email roles offline_access"
+# Unfortunetely needed at the moment (be careful to set it to none in prod)
+# PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
+# Allow OpenCloud, to show Authentik Login-Frame
+PROXY_CSP_CONFIG_FILE_LOCATION="/etc/ocis/csp.yaml"
+# Client specific environment vars
+#WEBFINGER_WEB_OIDC_CLIENT_ID=
+#WEBFINGER_WEB_OIDC_CLIENT_SCOPES=
+#WEBFINGER_IOS_OIDC_CLIENT_ID=
+#WEBFINGER_IOS_OIDC_CLIENT_SCOPES=
+#WEBFINGER_ANDROID_OIDC_CLIENT_ID=
+#WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES=
+#WEBFINGER_DESKTOP_OIDC_CLIENT_ID=
+#WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES=
 ## Shared User Directory Mode ##
 # Use together with idm/ldap-keycloak.yml and traefik/ldap-keycloak.yml
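Review bot: The comment above the commented-out `PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none` says the setting is both "needed" and something to "be careful" with, and never states what `none` gives up. As far as I know, `none` stops the proxy from verifying the access token as a JWT, so I would reword it to something like `# WARNING: "none" disables JWT verification of the access token in the proxy; keep this unset in production.` Separately, `OC_OIDC_CLIENT_ID="{{ item.oc_oidc_client_id }}"` looks like a Jinja/Ansible placeholder left over from a templated copy. Anyone copying the example verbatim would send that literal string as the client id, so an empty value as in `IDP_DOMAIN=` seems safer. Two smaller points: `PROXY_CSP_CONFIG_FILE_LOCATION` points at `/etc/ocis/csp.yaml` although its comment talks about OpenCloud, so please confirm the path matches the container mount, and `# claim_role to opencloud mapping` sits above the scopes variable rather than above a mapping.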