# JWT secret setting

AyaNova uses JSON Web Tokens (JWT) for authentication.

These time-limited tokens are signed by the server using a secret key and issued to users when they log in to the AyaNova server.
Every time the user makes a request to the server, the JWT is sent along as well and verified to be valid.

Tokens have a built-in expiry mechanism of 7 days from issue to force users to log in again at periodic intervals.

Users can be prevented from logging in, even if they have a valid token, by setting them to inactive.

All active tokens previously issued can be invalidated by changing this JWT secret setting and restarting the server (or by restarting the server and allowing it to choose a new secret value randomly if none is specified).

## Default

If no secret key is specified, the server generates a new, random one each time it starts. This means that remote users who previously authenticated will need to log in again if the server is restarted.

If you would like to ensure that a server reboot does not affect remote users' credentials, you can specify a value for the secret key so that the same key is always used by the server, even if it reboots.

## Overriding

AyaNova expects the JWT secret to be provided by an environment variable or command line parameter named

`AYANOVA_JWT_SECRET`

The value specified should be a string of up to 32 characters, for example:

`02847This_is_my_secret_key456576`

If fewer than 32 characters are provided, the secret will be padded out to 32 characters. If more than 32 characters are specified, only the first 32 are used.

You should use the same precautions as for choosing any other password and ensure the secret is not well known or easily looked up in a dictionary. 32 random characters would be sufficient.

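
The following is an added example, not AyaNova's own code: it generates a 32-character random secret and shows why a token signed under one secret is rejected once the secret changes or the 7-day lifetime passes. It assumes HMAC-SHA256 (HS256) signing, which the page does not state, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, string, time

KEY_LEN = 32                      # page: only the first 32 characters are used
LIFETIME = 7 * 24 * 3600          # page: tokens expire 7 days after issue

def new_secret():
    """32 random characters from a CSPRNG, suitable for AYANOVA_JWT_SECRET."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(KEY_LEN))

def effective_key(secret):
    """Truncate to 32 characters as the page describes. The padding used for
    shorter values is not documented on the page, so they are rejected here."""
    if len(secret) < KEY_LEN:
        raise ValueError("secret shorter than 32 characters")
    return secret[:KEY_LEN].encode()

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def issue(secret, user, now=None):
    """Sign a token for `user` (HS256 is an assumption of this example)."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user, "exp": now + LIFETIME}).encode())
    signing_input = header + b"." + claims
    sig = hmac.new(effective_key(secret), signing_input, hashlib.sha256).digest()
    return (signing_input + b"." + _b64(sig)).decode()

def verify(secret, token, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.encode().split(b".")
    except ValueError:
        return None
    # The algorithm is fixed here; the token header is never trusted to pick it.
    expected = _b64(hmac.new(effective_key(secret), header + b"." + claims,
                             hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    body = json.loads(base64.urlsafe_b64decode(claims + b"=" * (-len(claims) % 4)))
    return body if body["exp"] > now else None

if __name__ == "__main__":
    old, new = new_secret(), new_secret()
    token = issue(old, "constructed-user")       # constructed sample user
    print(verify(old, token))   # claims: token accepted under the same secret
    print(verify(new, token))   # None: secret changed, token rejected
```
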
Example command line parameter:

`dotnet run --AYANOVA_JWT_SECRET="02847This_is_my_secret_key456576"`

Example environment variable:

Windows

`set "AYANOVA_JWT_SECRET=02847This_is_my_secret_key456576"`

Linux / macOS

`export AYANOVA_JWT_SECRET="02847This_is_my_secret_key456576"`

If both a command line parameter and an environment variable are set, the command line parameter takes precedence.