Spaces:
Running
Running
| /* | |
| * This file is part of jwt-auth. | |
| * | |
| * (c) Sean Tymon <tymon148@gmail.com> | |
| * | |
| * For the full copyright and license information, please view the LICENSE | |
| * file that was distributed with this source code. | |
| */ | |
| return [ | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | JWT Authentication Secret | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Don't forget to set this in your .env file, as it will be used to sign | |
| | your tokens. A helper command is provided for this: | |
| | `php artisan jwt:secret` | |
| | | |
| | Note: This will be used for Symmetric algorithms only (HMAC), | |
| | since RSA and ECDSA use a private/public key combo (See below). | |
| | | |
| */ | |
| 'secret' => env('JWT_SECRET'), | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | JWT Authentication Keys | |
| |-------------------------------------------------------------------------- | |
| | | |
| | The algorithm you are using, will determine whether your tokens are | |
| | signed with a random string (defined in `JWT_SECRET`) or using the | |
| | following public & private keys. | |
| | | |
| | Symmetric Algorithms: | |
| | HS256, HS384 & HS512 will use `JWT_SECRET`. | |
| | | |
| | Asymmetric Algorithms: | |
| | RS256, RS384 & RS512 / ES256, ES384 & ES512 will use the keys below. | |
| | | |
| */ | |
| 'keys' => [ | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Public Key | |
| |-------------------------------------------------------------------------- | |
| | | |
| | A path or resource to your public key. | |
| | | |
| | E.g. 'file://path/to/public/key' | |
| | | |
| */ | |
| 'public' => env('JWT_PUBLIC_KEY'), | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Private Key | |
| |-------------------------------------------------------------------------- | |
| | | |
| | A path or resource to your private key. | |
| | | |
| | E.g. 'file://path/to/private/key' | |
| | | |
| */ | |
| 'private' => env('JWT_PRIVATE_KEY'), | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Passphrase | |
| |-------------------------------------------------------------------------- | |
| | | |
| | The passphrase for your private key. Can be null if none set. | |
| | | |
| */ | |
| 'passphrase' => env('JWT_PASSPHRASE'), | |
| ], | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | JWT time to live | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the length of time (in minutes) that the token will be valid for. | |
| | Defaults to 1 hour. | |
| | | |
| | You can also set this to null, to yield a never expiring token. | |
| | Some people may want this behaviour for e.g. a mobile app. | |
| | This is not particularly recommended, so make sure you have appropriate | |
| | systems in place to revoke the token if necessary. | |
| | Notice: If you set this to null you should remove 'exp' element from 'required_claims' list. | |
| | | |
| */ | |
| 'ttl' => env('JWT_TTL', 25200), | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Refresh time to live | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the length of time (in minutes) that the token can be refreshed | |
| | within. I.E. The user can refresh their token within a 2 week window of | |
| | the original token being created until they must re-authenticate. | |
| | Defaults to 2 weeks. | |
| | | |
| | You can also set this to null, to yield an infinite refresh time. | |
| | Some may want this instead of never expiring tokens for e.g. a mobile app. | |
| | This is not particularly recommended, so make sure you have appropriate | |
| | systems in place to revoke the token if necessary. | |
| | | |
| */ | |
| 'refresh_ttl' => env('JWT_REFRESH_TTL', 20160), | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | JWT hashing algorithm | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the hashing algorithm that will be used to sign the token. | |
| | | |
| | See here: https://github.com/namshi/jose/tree/master/src/Namshi/JOSE/Signer/OpenSSL | |
| | for possible values. | |
| | | |
| */ | |
| 'algo' => env('JWT_ALGO', 'HS256'), | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Required Claims | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the required claims that must exist in any token. | |
| | A TokenInvalidException will be thrown if any of these claims are not | |
| | present in the payload. | |
| | | |
| */ | |
| 'required_claims' => [ | |
| 'iss', | |
| 'iat', | |
| 'exp', | |
| 'nbf', | |
| 'sub', | |
| 'jti', | |
| ], | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Persistent Claims | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the claim keys to be persisted when refreshing a token. | |
| | `sub` and `iat` will automatically be persisted, in | |
| | addition to the these claims. | |
| | | |
| | Note: If a claim does not exist then it will be ignored. | |
| | | |
| */ | |
| 'persistent_claims' => [ | |
| // 'foo', | |
| // 'bar', | |
| ], | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Lock Subject | |
| |-------------------------------------------------------------------------- | |
| | | |
| | This will determine whether a `prv` claim is automatically added to | |
| | the token. The purpose of this is to ensure that if you have multiple | |
| | authentication models e.g. `App\User` & `App\OtherPerson`, then we | |
| | should prevent one authentication request from impersonating another, | |
| | if 2 tokens happen to have the same id across the 2 different models. | |
| | | |
| | Under specific circumstances, you may want to disable this behaviour | |
| | e.g. if you only have one authentication model, then you would save | |
| | a little on token size. | |
| | | |
| */ | |
| 'lock_subject' => true, | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Leeway | |
| |-------------------------------------------------------------------------- | |
| | | |
| | This property gives the jwt timestamp claims some "leeway". | |
| | Meaning that if you have any unavoidable slight clock skew on | |
| | any of your servers then this will afford you some level of cushioning. | |
| | | |
| | This applies to the claims `iat`, `nbf` and `exp`. | |
| | | |
| | Specify in seconds - only if you know you need it. | |
| | | |
| */ | |
| 'leeway' => env('JWT_LEEWAY', 0), | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Blacklist Enabled | |
| |-------------------------------------------------------------------------- | |
| | | |
| | In order to invalidate tokens, you must have the blacklist enabled. | |
| | If you do not want or need this functionality, then set this to false. | |
| | | |
| */ | |
| 'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true), | |
| /* | |
| | ------------------------------------------------------------------------- | |
| | Blacklist Grace Period | |
| | ------------------------------------------------------------------------- | |
| | | |
| | When multiple concurrent requests are made with the same JWT, | |
| | it is possible that some of them fail, due to token regeneration | |
| | on every request. | |
| | | |
| | Set grace period in seconds to prevent parallel request failure. | |
| | | |
| */ | |
| 'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0), | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Cookies encryption | |
| |-------------------------------------------------------------------------- | |
| | | |
| | By default Laravel encrypt cookies for security reason. | |
| | If you decide to not decrypt cookies, you will have to configure Laravel | |
| | to not encrypt your cookie token by adding its name into the $except | |
| | array available in the middleware "EncryptCookies" provided by Laravel. | |
| | see https://laravel.com/docs/master/responses#cookies-and-encryption | |
| | for details. | |
| | | |
| | Set it to true if you want to decrypt cookies. | |
| | | |
| */ | |
| 'decrypt_cookies' => false, | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Providers | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the various providers used throughout the package. | |
| | | |
| */ | |
| 'providers' => [ | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | JWT Provider | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the provider that is used to create and decode the tokens. | |
| | | |
| */ | |
| 'jwt' => Tymon\JWTAuth\Providers\JWT\Lcobucci::class, | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Authentication Provider | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the provider that is used to authenticate users. | |
| | | |
| */ | |
| 'auth' => Tymon\JWTAuth\Providers\Auth\Illuminate::class, | |
| /* | |
| |-------------------------------------------------------------------------- | |
| | Storage Provider | |
| |-------------------------------------------------------------------------- | |
| | | |
| | Specify the provider that is used to store tokens in the blacklist. | |
| | | |
| */ | |
| 'storage' => Tymon\JWTAuth\Providers\Storage\Illuminate::class, | |
| ], | |
| ]; | |