|
|
@@ -616,7 +616,7 @@ You can tune the middleware behavior using middleware specific configuration par
|
|
616
|
616
|
- "jwtAuth.header": Name of the header containing the JWT token ("X-Authorization")
|
|
617
|
617
|
- "jwtAuth.leeway": The acceptable number of seconds of clock skew ("5")
|
|
618
|
618
|
- "jwtAuth.ttl": The number of seconds the token is valid ("30")
|
|
619
|
|
-- "jwtAuth.secret": The shared secret used to sign the JWT token with ("")
|
|
|
619
|
+- "jwtAuth.secrets": The shared secret(s) used to sign the JWT token with ("")
|
|
620
|
620
|
- "jwtAuth.algorithms": The algorithms that are allowed, empty means 'all' ("")
|
|
621
|
621
|
- "jwtAuth.audiences": The audiences that are allowed, empty means 'all' ("")
|
|
622
|
622
|
- "jwtAuth.issuers": The issuers that are allowed, empty means 'all' ("")
|
|
|
@@ -731,7 +731,7 @@ Once logged in, you have to create an application (its type does not matter). Co
|
|
731
|
731
|
and `Client ID` and keep them for a later use. Then, create an API: give it a name and fill the
|
|
732
|
732
|
`identifier` field with your API endpoint's URL.
|
|
733
|
733
|
|
|
734
|
|
-Then you have to configure the `jwtAuth.secret` configuration in your `api.php` file.
|
|
|
734
|
+Then you have to configure the `jwtAuth.secrets` configuration in your `api.php` file.
|
|
735
|
735
|
Don't fill it with the `secret` you will find in your Auth0 application settings but with **a
|
|
736
|
736
|
public certificate**. To find it, go to the settings of your application, then in "Extra settings".
|
|
737
|
737
|
You will now find a "Certificates" tab where you will find your Public Key in the Signing
|
|
|
@@ -755,11 +755,11 @@ You can also change the `url` variable, used to test the API with authentication
|
|
755
|
755
|
First you need to create a Firebase project on the [Firebase console](https://console.firebase.google.com/).
|
|
756
|
756
|
Add a web application to this project and grab the code snippet for later use.
|
|
757
|
757
|
|
|
758
|
|
-Then you have to configure the `jwtAuth.secret` configuration in your `api.php` file.
|
|
|
758
|
+Then you have to configure the `jwtAuth.secrets` configuration in your `api.php` file.
|
|
759
|
759
|
Grab the public key via this [URL](https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com).
|
|
760
|
760
|
There may be several certificates, just grab the one corresponding to your `kid` (if you don't
|
|
761
|
761
|
know what it is, just test them all until you will be logged in).
|
|
762
|
|
-Now, just fill `jwtAuth.secret` with your public key.F
|
|
|
762
|
+Now, just fill `jwtAuth.secrets` with your public key.
|
|
763
|
763
|
|
|
764
|
764
|
To test your integration, you can copy the [firebase/vanilla.html](examples/clients/firebase/vanilla.html)
|
|
765
|
765
|
file and the [firebase/vanilla-success.html](examples/clients/firebase/vanilla-success.html) file,
|
Maurits van der Schee
5 years ago