Initial commit - WASL Digital Wallet

Backend/config/jwt.php

@@ -0,0 +1,57 @@
+<?php
+
+/*
+ * |--------------------------------------------------------------------------
+ * | JWT Auth (tymon/jwt-auth) configuration for WASL mobile API
+ * | Mobile clients receive short-lived JWT access tokens. Refresh tokens are
+ * | rotated and stored hashed server-side (see Security module).
+ * |--------------------------------------------------------------------------
+ */
+
+return [
+
+    'secret' => env('JWT_SECRET'),
+
+    // Asymmetric keys (recommended for production)
+    'keys' => [
+        'public'     => env('JWT_PUBLIC_KEY'),
+        'private'    => env('JWT_PRIVATE_KEY'),
+        'passphrase' => env('JWT_PASSPHRASE'),
+    ],
+
+    'ttl' => env('JWT_TTL', 15), // 15 minutes — short-lived access token
+
+    'refresh_ttl' => env('JWT_REFRESH_TTL', 20160), // 14 days
+
+    'algo' => env('JWT_ALGO', 'HS256'),
+
+    'required_claims' => [
+        'iss',
+        'iat',
+        'exp',
+        'nbf',
+        'sub',
+        'jti',
+    ],
+
+    'persistent_claims' => [
+        'dev', // device_id — bound to the token
+        'kyc', // kyc_level — embedded for authorization checks
+    ],
+
+    'lock_subject' => true,
+
+    'leeway' => env('JWT_LEEWAY', 0),
+
+    'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
+
+    'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0),
+
+    'decrypt_cookies' => false,
+
+    'providers' => [
+        'jwt'      => Tymon\JWTAuth\Providers\JWT\Lcobucci::class,
+        'auth'     => Tymon\JWTAuth\Providers\Auth\Illuminate::class,
+        'storage'  => Tymon\JWTAuth\Providers\Storage\Illuminate::class,
+    ],
+];