| 123456789101112131415161718192021222324252627 |
- package auth
- import (
- "time"
- )
- const (
- // The key name used to store user id in the context
- // user id is extracted from the jwt token subject field.
- UserIDContextKey = "user-id"
- // issuer is the issuer of the jwt token.
- Issuer = "memos"
- // Signing key section. For now, this is only used for signing, not for verifying since we only
- // have 1 version. But it will be used to maintain backward compatibility if we change the signing mechanism.
- KeyID = "v1"
- // AccessTokenAudienceName is the audience name of the access token.
- AccessTokenAudienceName = "user.access-token"
- AccessTokenDuration = 7 * 24 * time.Hour
- // CookieExpDuration expires slightly earlier than the jwt expiration. Client would be logged out if the user
- // cookie expires, thus the client would always logout first before attempting to make a request with the expired jwt.
- // Suppose we have a valid refresh token, we will refresh the token in cases:
- // 1. The access token has already expired, we refresh the token so that the ongoing request can pass through.
- CookieExpDuration = AccessTokenDuration - 1*time.Minute
- // AccessTokenCookieName is the cookie name of access token.
- AccessTokenCookieName = "memos.access-token"
- )
|
