User token
A FlowerDocs client, such as FlowerDocs GUI, requires authentication to communicate with FlowerDocs Core. This authentication is submitted in the form of a _JWT_ token.
A token is generated by FlowerDocs Core and is signed using an HMAC calculated from the SHA-256 hashing algorithm and a secret key.
Each time a request is received, FlowerDocs Core validates the supplied token using the secret key.
By default, this secret key is randomly generated (32 characters long) at FlowerDocs Core startup. It is advisable to define it in the core.properties file using the token.key parameter.
A token is valid for 3600s (60 minutes) from the moment it is generated. To change this validity period, the token.expiration.time parameter (duration in seconds) can be defined at the FlowerDocs Core level.
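The sign-and-validate cycle described above, as an added Python example (not FlowerDocs code): it issues an HMAC-SHA256 token and shows the rejections an operator will meet, namely expiry after 3600 s, a tampered payload, and a token checked under a different key, which is what happens to outstanding tokens when the key is regenerated at startup instead of being set through token.key. The `sub`/`exp` claim layout, the subject `jdoe`, the clock values and the key are assumptions constructed for the example; the page does not give FlowerDocs' actual claim names.

```python
import base64, hashlib, hmac, json, secrets

TTL = 3600  # the page's default token lifetime, in seconds

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key: bytes, subject: str, now: int, ttl: int = TTL) -> str:
    """Build a compact JWT signed with HMAC-SHA256 (HS256)."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": subject, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64e(mac(key, header + '.' + claims))}"

def validate(key: bytes, token: str, now: int) -> dict:
    """Return the claims, or raise ValueError naming why the token is rejected."""
    try:
        header, claims, sig = token.split(".")
        alg = json.loads(b64d(header))["alg"]
        signature = b64d(sig)
    except (ValueError, TypeError, KeyError) as exc:
        raise ValueError("malformed") from exc
    if alg != "HS256":  # pin the algorithm; never let the header choose it
        raise ValueError("algorithm")
    if not hmac.compare_digest(mac(key, header + "." + claims), signature):
        raise ValueError("signature")  # constant-time comparison above
    payload = json.loads(b64d(claims))  # parsed only after the MAC checks out
    if now >= payload["exp"]:
        raise ValueError("expired")
    return payload

def outcome(key: bytes, token: str, now: int) -> str:
    try:
        return "valid for " + validate(key, token, now)["sub"]
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    key = secrets.token_urlsafe(24).encode()  # constructed 32-character key
    token = issue(key, "jdoe", now=1_000)     # constructed subject and clock
    print(outcome(key, token, 1_000 + TTL - 1))               # still valid
    print(outcome(key, token, 1_000 + TTL))                   # lifetime elapsed
    print(outcome(secrets.token_urlsafe(24).encode(), token, 1_000))  # new key
```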
In some cases, it may be necessary to include the password of the account used in the generated token. This configuration can be activated using the following parameters:
- Inclusion: token.password.include (default value false)
- Passphrase: token.password.passphrase
- IV: token.password.iv
gui.session.timeout (seconds - default value 1800)