Skip to content

Cast selected JWT config values from env() for type safety #2293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
samironbarai wants to merge 1 commit into
base: 2.x
Choose a base branch
from
+8 −4
Open

Cast selected JWT config values from env() for type safety #2293

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions config/config.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@
|
| Specify the length of time (in minutes) that the token will be valid for.
| Defaults to 1 hour.
| Casting to int ensures proper numeric behavior.
|
| You can also set this to null, to yield a never expiring token.
| Some people may want this behaviour for e.g. a mobile app.
Expand All @@ -101,7 +102,7 @@
|
*/

'ttl' => env('JWT_TTL', 60),
'ttl' => (int) env('JWT_TTL', 60),

/*
|--------------------------------------------------------------------------
Expand All @@ -112,6 +113,7 @@
| within. I.E. The user can refresh their token within a 2 week window of
| the original token being created until they must re-authenticate.
| Defaults to 2 weeks.
| Casting to int ensures proper numeric behavior.
|
| You can also set this to null, to yield an infinite refresh time.
| Some may want this instead of never expiring tokens for e.g. a mobile app.
Expand All @@ -120,7 +122,7 @@
|
*/

'refresh_ttl' => env('JWT_REFRESH_TTL', 20160),
'refresh_ttl' => (int) env('JWT_REFRESH_TTL', 20160),

/*
|--------------------------------------------------------------------------
Expand Down Expand Up @@ -198,14 +200,15 @@
| This property gives the jwt timestamp claims some "leeway".
| Meaning that if you have any unavoidable slight clock skew on
| any of your servers then this will afford you some level of cushioning.
| Casting to int ensures numeric behavior.
|
| This applies to the claims `iat`, `nbf` and `exp`.
|
| Specify in seconds - only if you know you need it.
|
*/

'leeway' => env('JWT_LEEWAY', 0),
'leeway' => (int) env('JWT_LEEWAY', 0),

/*
|--------------------------------------------------------------------------
Expand All @@ -214,10 +217,11 @@
|
| In order to invalidate tokens, you must have the blacklist enabled.
| If you do not want or need this functionality, then set this to false.
| Casting to bool ensures proper boolean behavior.
|
*/

'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
'blacklist_enabled' => (bool) env('JWT_BLACKLIST_ENABLED', true),

/*
| -------------------------------------------------------------------------
Expand Down