raven/docs/8.0/ayanova/docs/ops-config-jwt-secret.md
2019-01-18 18:39:24 +00:00

JWT secret setting

AyaNova uses JSON Web Tokens (JWT) for authentication.

These time-limited tokens are signed by the server using a secret key and issued to users when they log in to the AyaNova server. Every time the user makes a request to the server, the JWT is sent along with it and verified.

Tokens have a built-in expiry of 7 days from issue, which forces users to log in again at periodic intervals.

Users can be prevented from logging in even if they have a valid token by setting them to inactive.

All active tokens previously issued can be invalidated by changing this JWT Secret setting and restarting the server (or restarting the server and allowing it to choose a new secret value randomly if none is specified).

Default

If no secret key is specified, the server generates a new random one each time it starts. This means that remote users who previously authenticated will need to log in again if the server is restarted.

If you would like to ensure that a server reboot does not affect remote users' credentials, specify a value for the secret key so that the server always uses the same key, even after a reboot.

Overriding

AyaNova expects the JWT secret to be provided by an environment variable or command line parameter named

AYANOVA_JWT_SECRET

The value specified should be a string of up to 32 characters, for example:

02847This_is_my_secret_key456576

If fewer than 32 characters are provided, the secret will be padded out to 32 characters. If more than 32 characters are specified, only the first 32 are used.

You should use the same precautions as for choosing any other password and ensure the secret is not well known or easily looked up in a dictionary. 32 random characters would be sufficient.

Example command line parameter

dotnet run --AYANOVA_JWT_SECRET="02847This_is_my_secret_key456576"

Example environment variable

Windows

set "AYANOVA_JWT_SECRET=02847This_is_my_secret_key456576"

Linux / Mac

export AYANOVA_JWT_SECRET="02847This_is_my_secret_key456576"

If both a command line parameter and an environment variable are set, the command line parameter takes precedence.
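
One way to produce and sanity-check a value for AYANOVA_JWT_SECRET on Linux or Mac, following the 32-character rule above. This is an added example, not part of AyaNova; the function names gen_jwt_secret and check_jwt_secret are hypothetical.

```shell
#!/bin/sh
# Added example, not AyaNova code. Function names are hypothetical; the
# variable name, the 32-character limit and the sample value come from
# the documentation above.

JWT_SECRET_LEN=32
DOC_SAMPLE='02847This_is_my_secret_key456576'   # published, so never use it

# Print 32 random characters from the kernel CSPRNG. Limiting the
# alphabet to [A-Za-z0-9] keeps the value free of quoting problems in
# both "set" on Windows and "export" on Linux.
gen_jwt_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$JWT_SECRET_LEN"
}

# Classify a candidate value by how the server is documented to treat it:
#   empty      not set: a new random secret at every start
#   sample     the value printed in the documentation
#   padded     fewer than 32 characters: padded out to 32
#   truncated  more than 32 characters: only the first 32 are used
#   ok         exactly 32 characters, used as given
check_jwt_secret() {
    s=${1-}
    n=${#s}
    if [ "$n" -eq 0 ]; then echo empty
    elif [ "$s" = "$DOC_SAMPLE" ]; then echo sample
    elif [ "$n" -lt "$JWT_SECRET_LEN" ]; then echo padded
    elif [ "$n" -gt "$JWT_SECRET_LEN" ]; then echo truncated
    else echo ok
    fi
}

# Report on whatever this shell would pass to the server.
echo "AYANOVA_JWT_SECRET: $(check_jwt_secret "${AYANOVA_JWT_SECRET-}")"

# To set a fresh value in the shell that starts the server:
#   export AYANOVA_JWT_SECRET="$(gen_jwt_secret)"
```

Setting the secret through the environment variable keeps it out of the process argument list, which other local users can usually read; the command line form does not.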