This commit is contained in:
@@ -2,16 +2,16 @@
|
||||
|
||||
AyaNova uses JSON Web Tokens (JWT) for authentication.
|
||||
|
||||
These time limited tokens are signed by the server using a JWT secret key combined with a site specific identifier and issued to users when they log in to the AyaNova server.
|
||||
These time limited tokens are signed by the server using a JWT secret key and issued to users when they log in to the AyaNova server.
|
||||
|
||||
Every time the user makes a request to the server the JWT is sent along as well and verified to be valid.
|
||||
|
||||
Tokens have a built in expiry mechanism of 5 days from issue.
|
||||
|
||||
Users can be prevented from logging in or accessing the server by setting them inactive which takes effect immediately regardless of how many days are left on their current access token.
|
||||
|
||||
All active tokens previously issued can be invalidated by changing this JWT Secret setting and restarting the server (or restarting the server and allowing it to choose a new secret value randomly if none is specified).
|
||||
|
||||
(Individual Users can be prevented from logging in or accessing the server by setting them inactive which takes effect immediately regardless of how many days are left on their current access token.)
|
||||
|
||||
## Default
|
||||
|
||||
If no secret key is specified the server will generate a new, random one each time it starts and this means that remote users who previously authenticated will need to login freshly if the server is restarted.
|
||||
|
||||
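Review bot: The sentence on how tokens are signed appears in two forms in this hunk, one saying the JWT secret key is "combined with a site specific identifier" and one without that phrase, and the +/- markers are not visible in this rendering, so please confirm that the wording left in the doc matches what the server actually signs with. It matters to operators: whether a site identifier is mixed in decides whether two installations configured with the same secret would accept each other's tokens. In the paragraph on invalidating all tokens, "this JWT Secret setting" does not name the setting; spell out the configuration key so the instruction can be followed without guessing. The hunk also gives no guidance on length or randomness for an operator-chosen secret, while the "Default" text shows the server picks a random one when none is specified; a line recommending a long random value would close that gap.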