allow to use a persistent signing key for JWT and CSRF tokens

Fixes #466
Nicola Murino
2021-07-01 20:17:40 +02:00
parent 04001f7ad3
commit ff19879ffd
8 changed files with 86 additions and 24 deletions

@@ -19,10 +19,12 @@ You can get a JWT token using the `/api/v2/token` endpoint, you need to authenti
once the access token has expired, you need to get a new one.
JWT tokens are not stored and we use a randomly generated secret to sign them so if you restart SFTPGo all the previous tokens will be invalidated and you will get a 401 HTTP response code.
By default, JWT tokens are not stored and we use a randomly generated secret to sign them so if you restart SFTPGo all the previous tokens will be invalidated and you will get a 401 HTTP response code.
If you define multiple bindings, each binding will sign JWT tokens with a different secret so the token generated for a binding is not valid for the other ones.
If, instead, you want to use a persistent signing key for JWT tokens, you can define a signing passphrase via configuration file or environment variable.
You can create other administrator and assign them the following permissions:
- add users
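Review bot: The added sentence at the end of the JWT paragraph says a signing passphrase can be defined "via configuration file or environment variable" but names neither the configuration key nor the variable, so a reader cannot act on it from this text; name both or link to the configuration reference. It also leaves open how a persistent key interacts with the preceding sentence about multiple bindings, that is, whether a token issued on one binding becomes valid on the others once the passphrase is set. The commit title covers CSRF tokens, while this paragraph only mentions JWT tokens. Since anyone who obtains the passphrase can sign tokens that survive restarts, the text should also say it must be kept secret and that changing it invalidates existing tokens.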