<?php
/*
 * |--------------------------------------------------------------------------
 * | JWT Auth (tymon/jwt-auth) configuration for WASL mobile API
 * | Mobile clients receive short-lived JWT access tokens. Refresh tokens are
 * | rotated and stored hashed server-side (see Security module).
 * |--------------------------------------------------------------------------
 */
// Configuration array consumed by tymon/jwt-auth. Every env() lookup below
// falls back to the second argument when the variable is unset; lookups with
// no second argument have no fallback.
return [
    // Shared HMAC secret, used by the HS* algorithms. With the HS256 default
    // under 'algo', this single value both signs and verifies every token, so
    // it must be long, random, and kept out of version control. No fallback is
    // given: an unset JWT_SECRET leaves this null.
    'secret' => env('JWT_SECRET'),

    // Asymmetric keys (recommended for production).
    // NOTE(review): 'algo' defaults to HS256, so these keys only take effect
    // when JWT_ALGO is set to an asymmetric algorithm; confirm the production
    // environment sets JWT_ALGO to match.
    'keys' => [
        'public' => env('JWT_PUBLIC_KEY'),
        'private' => env('JWT_PRIVATE_KEY'),
        'passphrase' => env('JWT_PASSPHRASE'),
    ],

    // Access-token lifetime in minutes: 15 by default, deliberately short.
    'ttl' => env('JWT_TTL', 15),

    // Refresh window in minutes: 20160 = 14 days.
    'refresh_ttl' => env('JWT_REFRESH_TTL', 20160),

    // Signing algorithm. The default is symmetric (HMAC-SHA256).
    'algo' => env('JWT_ALGO', 'HS256'),

    // Claims every token must carry; the library rejects a token that lacks
    // any of them.
    'required_claims' => ['iss', 'iat', 'exp', 'nbf', 'sub', 'jti'],

    // Custom claims carried over unchanged when a token is refreshed.
    // NOTE(review): a 'kyc' value copied forward on refresh can lag behind the
    // user's current KYC level; sensitive operations should presumably
    // re-check the level server-side rather than trust the claim alone.
    'persistent_claims' => [
        'dev', // device_id — bound to the token
        'kyc', // kyc_level — embedded for authorization checks
    ],

    // Adds a 'prv' claim tied to the authenticating model, so a token issued
    // for one model cannot be replayed against another that shares the id.
    'lock_subject' => true,

    // Clock-skew tolerance in seconds for the time-based claims; 0 = strict.
    'leeway' => env('JWT_LEEWAY', 0),

    // The blacklist is what makes token invalidation possible. Turning it off
    // means an issued token stays usable until it expires.
    'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),

    // Seconds a just-refreshed token remains accepted, to cover concurrent
    // requests; 0 disables the grace window.
    'blacklist_grace_period' => env('JWT_BLACKLIST_GRACE_PERIOD', 0),

    // Tokens read from cookies are not decrypted by the library.
    'decrypt_cookies' => false,

    // Concrete implementations for token handling, user authentication, and
    // blacklist storage.
    'providers' => [
        'jwt' => Tymon\JWTAuth\Providers\JWT\Lcobucci::class,
        'auth' => Tymon\JWTAuth\Providers\Auth\Illuminate::class,
        'storage' => Tymon\JWTAuth\Providers\Storage\Illuminate::class,
    ],
];