shield/src/Config/AuthJWT.php at 7b6c44f1d4572ec3a6209cfc7d08c41a9408bcd5 · michalsn/shield · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<?php

declare(strict_types=1);

/**
 * This file is part of CodeIgniter Shield.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace CodeIgniter\Shield\Config;

use CodeIgniter\Config\BaseConfig;

/**
 * JWT Authenticator Configuration
 */
class AuthJWT extends BaseConfig
{
    /**
     * --------------------------------------------------------------------
     * Name of Authenticator Header
     * --------------------------------------------------------------------
     * The name of Header that the Authorization token should be found.
     * According to the specs, this should be `Authorization`, but rare
     * circumstances might need a different header.
     */
    public string $authenticatorHeader = 'Authorization';

    /**
     * --------------------------------------------------------------------
     * The Default Payload Items
     * --------------------------------------------------------------------
     * All JWTs will have these claims in the payload.
     *
     * @var array<string, string>
     */
    public array $defaultClaims = [
        'iss' => '<Issuer of the JWT>',
    ];

    /**
     * --------------------------------------------------------------------
     * The Keys
     * --------------------------------------------------------------------
     * The key of the array is the key group name.
     * The first key of the group is used for signing.
     *
     * @var         array<string, array<int, array<string, string>>>
     * @phpstan-var array<string, list<array<string, string>>>
     */
    public array $keys = [
        'default' => [
            // Symmetric Key
            [
                'kid' => '',      // Key ID. Optional if you have only one key.
                'alg' => 'HS256', // algorithm.
                // Set secret random string. Needs at least 256/384/512 bits for HS256/HS384/HS512.
                // E.g., $ php -r 'echo base64_encode(random_bytes(32));'
                'secret' => '<Set secret random string>',
            ],
            // Asymmetric Key
            // [
            //     'kid'        => '',      // Key ID. Optional if you have only one key.
            //     'alg'        => 'RS256', // algorithm.
            //     'public'     => '',      // Public Key
            //     'private'    => '',      // Private Key
            //     'passphrase' => ''       // Passphrase
            // ],
        ],
    ];

    /**
     * --------------------------------------------------------------------
     * Time To Live (in seconds)
     * --------------------------------------------------------------------
     * Specifies the amount of time, in seconds, that a token is valid.
     */
    public int $timeToLive = HOUR;

    /**
     * --------------------------------------------------------------------
     * Record Login Attempts
     * --------------------------------------------------------------------
     * Whether login attempts are recorded in the database.
     *
     * Valid values are:
     * - Auth::RECORD_LOGIN_ATTEMPT_NONE
     * - Auth::RECORD_LOGIN_ATTEMPT_FAILURE
     * - Auth::RECORD_LOGIN_ATTEMPT_ALL
     */
    public int $recordLoginAttempt = Auth::RECORD_LOGIN_ATTEMPT_FAILURE;
}