Configuration
After the plugin is installed, there will be a config file named auth.js
copied to your /config/plugins
folder. Below is the default value provided along with its explanation. Change / override it as you wish to meet your requirements.
Config Values
api.config.auth
This section contains configuration directly related to ah-auth-plugin.
enableVerification=true
, Defines whether verification process is enabled. If it’s enabled then a newly signed up user and password change / reset process will, by default, lead to an email sending further instructions to complete the process.
api.config.jwt
This section contains configuration needed to sign, verify and decode JSON Web Token.
secret='some-secret'
, A string or buffer containing either the secret for HMAC algorithms, or the path of PEM encoded private key for RSA and ECDSA.algorithm='HS512'
, Algorithm used in signing the json payload. See supported algorithms.expire=2 hours
, How long the token will expire in milisecond.
api.config.scrypt
This section contains configuration for encoding / decoding user’s password. scrypt
is the default but you can define your own password hasher, as explained later in Custom Password Hasher.
maxtime=0.2
, A decimal (double) representing the maxtime in seconds for running scrypt.