Configuration Options¶
You can change many options for how this extension works via
app.config[OPTION_NAME] = new_options
General Options:¶
JWT_TOKEN_LOCATION |
Where to look for a JWT when processing a request. The
options are 'headers' , 'cookies' , 'query_string' , or 'json' . You can pass
in a list to check more then one location, such as: ['headers', 'cookies'] .
Defaults to 'headers' |
JWT_ACCESS_TOKEN_EXPIRES |
How long an access token should live before it expires. This
takes a datetime.timedelta , and defaults to 15 minutes.
Can be set to False to disable expiration. |
JWT_REFRESH_TOKEN_EXPIRES |
How long a refresh token should live before it expires. This
takes a datetime.timedelta , and defaults to 30 days.
Can be set to False to disable expiration. |
JWT_ALGORITHM |
Which algorithm to sign the JWT with. See here
for the options. Defaults to 'HS256' . |
JWT_SECRET_KEY |
The secret key needed for symmetric based signing algorithms,
such as HS* . If this is not set, we use the
sanic SECRET_KEY value instead. |
JWT_PUBLIC_KEY |
The public key needed for asymmetric based signing algorithms, such as RS* or ES*. PEM format expected. |
JWT_PRIVATE_KEY |
The private key needed for asymmetric based signing algorithms, such as RS* or ES*. PEM format expected. |
JWT_IDENTITY_CLAIM |
Claim in the tokens that is used as source of identity.
For interoperability, the JWT RFC recommends using 'sub' .
Defaults to 'identity' for legacy reasons. |
JWT_USER_CLAIMS |
Claim in the tokens that is used to store user claims.
Defaults to 'user_claims' . |
JWT_CLAIMS_IN_REFRESH_TOKEN |
If user claims should be included in refresh tokens.
Defaults to False . |
JWT_ERROR_MESSAGE_KEY |
The key of the error message in a JSON error response when using
the default error handlers.
Defaults to 'msg' . |
RBAC_ENABLE |
Role-based access control (RBAC) enable option.
Defaults to False |
Header Options:¶
These are only applicable if JWT_TOKEN_LOCATION
is set to use headers.
JWT_HEADER_NAME |
What header to look for the JWT in a request. Defaults to 'Authorization' |
JWT_HEADER_TYPE |
What type of header the JWT is in. Defaults to 'Bearer' . This can be
an empty string, in which case the header contains only the JWT
(insead of something like HeaderName: Bearer <JWT> ) |