@@ -8,6 +8,7 @@ weight: 1
The `AuthOptions` define how authentication is managed.
## tokenMethod
+{{< config-option type="'cookie' | 'bearer'" default="'cookie'" >}}
Sets the method by which the session token is delivered and read.
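Review bot: the added `config-option` line under `## tokenMethod` writes the values with single quotes ('cookie', 'bearer'), while the prose in this file refers to the same values with double quotes ("bearer", "cookie"). Pick one quoting style for option values so the shortcode and the descriptions match, and consider wrapping the values in the prose in backticks so they read as literals.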
@@ -15,18 +16,21 @@ Sets the method by which the session token is delivered and read.
* "bearer": Upon login, the token is returned in the response and should be then stored by the client app. Each request should include the header "Authorization: Bearer <token>".
## sessionSecret
+{{< config-option type="string" default="'session-secret'" >}}
The secret used for signing the session cookies for authenticated users. Only applies when tokenMethod is set to "cookie". In production applications, this should not be stored as a string in source control for security reasons, but may be loaded from an external file not under source control, or from an environment variable, for example.
## authTokenHeaderKey
+{{< config-option type="string" default="'vendure-auth-token'" >}}
-Sets the header property which will be used to send the auth token when using the "bearer" method. Defaults to "vendure-auth-token".
+Sets the header property which will be used to send the auth token when using the "bearer" method.
## sessionDuration
+{{< config-option type="string | number" default="'7d'" >}}
Session duration, i.e. the time which must elapse from the last authenticted request after which the user must re-authenticate.
-Expressed as a string describing a time span per [zeit/ms](https://github.com/zeit/ms.js). Eg: `60`, `"2 days"`, `"10h"`, `"7d"`. Defaults to `"7d"`.
+Expressed as a string describing a time span per [zeit/ms](https://github.com/zeit/ms.js). Eg: `60`, `"2 days"`, `"10h"`, `"7d"`.
## requireVerification
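Review bot: the new `default="'session-secret'"` line under `## sessionSecret` documents a fixed signing secret, but the paragraph below it only warns against keeping the secret in source control and never says the default has to be replaced. Since this value signs session cookies, a deployment left on the documented default has cookies signed with a publicly known key; add a sentence saying the default is for development only and must be overridden in production. Under `## sessionDuration` the type is now `string | number`, yet the description still reads "Expressed as a string" and gives `60` as an example without saying what unit a bare number is in, so the text should cover the numeric case. While touching this section, "authenticted" in the sessionDuration description could be corrected to "authenticated".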