After the plugin is installed, there will be a config file named
auth.js copied to your
/config/plugins folder. Below is the default value provided along with its explanation. Change / override it as you wish to meet your requirements.
This section contains configuration directly related to ah-auth-plugin.
enableVerification=true, Defines whether verification process is enabled. If it’s enabled then a newly signed up user and password change / reset process will, by default, lead to an email sending further instructions to complete the process.
This section contains configuration needed to sign, verify and decode JSON Web Token.
secret='some-secret', A string or buffer containing either the secret for HMAC algorithms, or the path of PEM encoded private key for RSA and ECDSA.
algorithm='HS512', Algorithm used in signing the json payload. See supported algorithms.
expire=2 hours, How long the token will expire in milisecond.
This section contains configuration for encoding / decoding user’s password.
scrypt is the default but you can define your own password hasher, as explained later in Custom Password Hasher.
maxtime=0.2, A decimal (double) representing the maxtime in seconds for running scrypt.