Concerning the SECRET parameter #861
-
|
Hi there, just a simple question concerning the SECRET parameter: |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
The secret used to sign JWT and should be a random, long, hard-to-guess string. For example, This string shouldn't match anything else, neither auth parameter nor any other parameter. I usually recommend keeping the secret's backup in someplace, but in this case, it doesn't really matter. If you lose your secret and replace with a completely different one nothing will break, and the only side effect will be a rejection of all currently logged in user (will force them to authenticate again). Pls don't use provided examples; they are just this - examples. |
Beta Was this translation helpful? Give feedback.
-
|
@umputun thank you for clarifying this aspect to me. 👍 |
Beta Was this translation helpful? Give feedback.
The secret used to sign JWT and should be a random, long, hard-to-guess string. For example,
unmaze-mirror-phu-yep-alogy-wirra-harrwill do orTLbWnWr6KF5k0XT15or anything like this.This string shouldn't match anything else, neither auth parameter nor any other parameter. I usually recommend keeping the secret's backup in someplace, but in this case, it doesn't really matter. If you lose your secret and replace with a completely different one nothing will break, and the only side effect will be a rejection of all currently logged in user (will force them to authenticate again).
Pls don't use provided examples; they are just this - examples.