soluble-wallit.config.php.dist
<?php
use Soluble\Wallit\Token\Jwt\SignatureAlgos;
use Soluble\Wallit\Token\Jwt\JwtClaims;
use Soluble\Wallit\Token\Provider as TokenProvider;
return [
    'soluble_wallit' => [

        /*
        |----------------------------------------------------------------------
        | token-auth-middleware configuration
        |----------------------------------------------------------------------
        */
        'token_auth_middleware' => [

            /*
            |------------------------------------------------------------------
            | Providers
            |------------------------------------------------------------------
            |
            | Token provider(s) the middleware asks for a token.
            |
            | Each entry is registered on ServerRequestLazyChainProvider and
            | the entries are executed in the order they appear below.
            |
            | @see \Soluble\Wallit\Token\Provider\ServerRequestLazyChainProvider
            | @var array
            */
            'token_providers' => [
                /*
                 * ServerRequestAuthBearerProvider tries to read the token
                 * from a request header ('Authentication: Bearer xxx').
                 *
                 * NOTE(review): RFC 6750 bearer tokens travel in the
                 * 'Authorization' header - confirm which header name
                 * DEFAULT_OPTIONS['httpHeader'] resolves to.
                 */
                [
                    TokenProvider\ServerRequestAuthBearerProvider::class => [
                        'httpHeader' => TokenProvider\ServerRequestAuthBearerProvider::DEFAULT_OPTIONS['httpHeader'],
                        'httpHeaderPrefix' => TokenProvider\ServerRequestAuthBearerProvider::DEFAULT_OPTIONS['httpHeaderPrefix'],
                    ],
                ],

                /*
                 * ServerRequestCookieProvider tries to read the token
                 * from a cookie (default name: 'jwt_token').
                 *
                 * NOTE(review): browsers attach cookies automatically, so
                 * state-changing routes reachable through this provider
                 * need CSRF protection. Remove the entry if clients only
                 * authenticate through the header.
                 */
                [
                    TokenProvider\ServerRequestCookieProvider::class => [
                        'cookieName' => TokenProvider\ServerRequestCookieProvider::DEFAULT_OPTIONS['cookieName'],
                    ],
                ],
            ],

            /*
            |------------------------------------------------------------------
            | HTTPS protocol checks
            |------------------------------------------------------------------
            |
            | The auth middleware requires secured 'https' connections to
            | prevent security issues: a token sent over plain http can be
            | read in transit and replayed.
            |
            | For development only, this check may be disabled. See also the
            | 'relaxed_hosts' option, which enables non-secure communication
            | with selected hosts instead of with every host.
            |
            | By default: false. Keep it false in production.
            | @var boolean
            */
            'allow_insecure_http' => false,

            /*
            |------------------------------------------------------------------
            | Relaxed hosts for HTTPS protocol checks
            |------------------------------------------------------------------
            |
            | Hosts for which non-secure (http) communication is enabled
            | even though 'allow_insecure_http' is false.
            |
            | NOTE(review): how the middleware determines the request host
            | is not visible in this file. If it relies on the client-sent
            | Host header, keep this list to loopback names and empty it
            | for production - confirm against the middleware.
            |
            | @var array
            */
            'relaxed_hosts' => [
                'localhost',
            ],
        ],

        /*
        |----------------------------------------------------------------------
        | token-service configuration
        |----------------------------------------------------------------------
        */
        'token_service' => [

            /*
            |------------------------------------------------------------------
            | JWT authentication secret (aka verification key)
            |------------------------------------------------------------------
            |
            | Secret key used for symmetric algorithms (HMAC).
            |
            | The empty string below is a placeholder of this .dist template
            | and must be replaced before deployment. Use a randomly
            | generated value; for HS256, RFC 7518 section 3.2 requires a key
            | of at least 256 bits. Prefer injecting it from the environment
            | or a secret store over committing it with the configuration.
            |
            | NOTE(review): whether the token service rejects an empty
            | secret is not visible in this file - confirm.
            |
            | @var string|false
            |
            */
            'secret' => '',

            /*
            |------------------------------------------------------------------
            | JWT time to live
            |------------------------------------------------------------------
            |
            | Token lifetime, in minutes.
            |
            | Defaults to one hour.
            |
            | null produces a token that never expires. This is not a
            | recommended behaviour: be sure to understand the risks and to
            | be able to revoke such tokens.
            |
            | @see refresh_ttl
            | @var int|null ttl in minutes
            |
            */
            'ttl' => 60,

            /*
            |------------------------------------------------------------------
            | Refresh time to live
            |------------------------------------------------------------------
            |
            | Grace period, in minutes, during which the token can be
            | refreshed.
            |
            | Defaults to two weeks (20160 minutes).
            |
            | null removes the limit. This is not a recommended behaviour:
            | be sure to understand the risks and to be able to revoke such
            | tokens.
            |
            | @see ttl
            | @var int|null ttl in minutes
            */
            'refresh_ttl' => 20160,

            /*
            |------------------------------------------------------------------
            | JWT signing algorithm
            |------------------------------------------------------------------
            |
            | Algorithm that will be used to sign the token.
            |
            | HS256 is a symmetric HMAC algorithm: every party holding
            | 'secret' in order to verify tokens is also able to issue them.
            |
            | @var string
            */
            'algo' => SignatureAlgos::HS256,

            /*
            |------------------------------------------------------------------
            | Required Claims
            |------------------------------------------------------------------
            |
            | Claims that must exist in any token. An exception (spelled
            | 'InvalidTakenException' in the upstream note, presumably
            | InvalidTokenException - confirm) is thrown when any of them is
            | missing from the payload.
            |
            | @var string[]
            */
            'required_claims' => [
                JwtClaims::ISSUER,          // iss
                JwtClaims::ISSUED_AT,       // iat
                JwtClaims::EXPIRATION_TIME, // exp
                JwtClaims::NOT_BEFORE,      // nbf
                JwtClaims::SUBJECT,         // sub
                JwtClaims::ID,              // jti
            ],
        ],
    ],
];