strapi · derrickmehaffy · Jan 18, 2022 · Jan 10, 2022 · Jan 13, 2022 · Jan 13, 2022
@@ -79,22 +79,29 @@ axios
 
 ### JWT configuration
 
-You can configure option for the JWT generation by creating `extensions/users-permissions/config/security.json` file.
+You can configure option for the JWT generation by using the plugin config `./config/plugins.js` file. See more information about this file in our [configuration](/developer-docs/latest/setup-deployment-guides/configurations/optional/plugins.md) section.
 We are using [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) to generate the JWT.
 
 Available options:
 
-- `expiresIn`: expressed in seconds or a string describing a time span zeit/ms.<br>
+- `jwtSecret`: random string used to create new JWTs, typically set using the `JWT_SECRET` environment variable.
+- `jwt.expiresIn`: expressed in seconds or a string describing a time span zeit/ms.<br>
   Eg: 60, "45m", "10h", "2 days", "7d", "2y". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (minutes, hours, days, years, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").
 
-**Path —** `extensions/users-permissions/config/security.json`
+**Path —** `./config/plugins.js`
 
-```json
-{
-  "jwt": {
-    "expiresIn": "1d"
-  }
-}
+```js
+module.exports = ({ env }) => ({
+  // ...
+  'users-permissions': {
+    config: {
+      jwt: {
+        expiresIn: '7d',
+      },
+    },
+  },
+  // ...
+});
 ```
 
 :::warning