@@ -5,10 +5,12 @@ AyaNova uses JSON Web Tokens (JWT) for authentication.
|
||||
These time limited tokens are signed by the server using a secret key and issued to users when they log in to the AyaNova server.
|
||||
Every time the user makes a request to the server the JWT is sent along as well and verified to be valid.
|
||||
|
||||
Tokens have a built in expiry mechanism to force users to re-login at periodic intervals in the range of days to weeks.
|
||||
Tokens have a built in expiry mechanism of 7 days from issue to force users to re-login at periodic intervals.
|
||||
|
||||
Users can be prevented from logging in even if they have a valid token by setting them to inactive.
|
||||
|
||||
All active tokens previously issued can be invalidated by changing this JWT Secret setting and restarting the server (or restarting the server and allowing it to choose a new secret value randomly if none is specified).
|
||||
|
||||
## Default
|
||||
|
||||
If no secret key is specified the server will generate a new, random one each time it starts and this means that remote users who previously authenticated will need to login freshly if the server is restarted.
|
||||
|
||||
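Review bot: In the sentence "Users can be prevented from logging in even if they have a valid token by setting them to inactive", the phrase "logging in" is ambiguous for a user who already holds an unexpired token. Please state whether the inactive flag is checked on every authenticated request, which would make it an immediate per-user revocation, or only when a new token is issued. If it is the former, wording along the lines of "requests from an inactive user are rejected even if their token has not expired" would remove the doubt. On the two "Tokens have a built in expiry mechanism" sentences, the 7 day wording states a fixed value, so it would help to say whether that value is configurable. The text should also make clear that, within that window, the inactive flag and changing the JWT Secret are the only invalidation paths this page describes.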