Add different secrets for different tokenization strategies

Vizzuality · Aug 6, 2023 · d5598f5 · d5598f5
1 parent 9ff91c4
commit d5598f5
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/api/config/custom-environment-variables.json b/api/config/custom-environment-variables.json
@@ -12,7 +12,9 @@
     "signUpIsPublic": "SIGN_UP_IS_PUBLIC",
     "jwt": {
       "expiresIn": "JWT_EXPIRES_IN",
-      "secret": "JWT_SECRET"
+      "secret": "JWT_SECRET",
+      "accountActivationSecret": "JWT_ACTIVATION_SECRET",
+      "passwordRecoverySecret": "JWT_RESET_SECRET"
     },
     "password": {
       "minLength": "PASSWORD_MIN_LENGTH",

diff --git a/api/config/default.json b/api/config/default.json
@@ -18,7 +18,9 @@
     "signUpIsPublic": true,
     "jwt": {
       "expiresIn": "2h",
-      "secret": null
+      "secret": null,
+      "accountActivationSecret": "mySecretForAccountActivation",
+      "passwordRecoverySecret": "mySecretForPasswordReset"
     },
     "password": {
       "minLength": 6,

diff --git a/api/config/test.json b/api/config/test.json
@@ -27,7 +27,9 @@
     "requireUserAccountActivation": true,
     "jwt": {
       "expiresIn": "1d",
-      "secret": "myVeryBadJWTSecretForTests"
+      "secret": "myVeryBadJWTSecretForTests",
+      "accountActivationSecret": "mySecretForAccountActivation",
+      "passwordRecoverySecret": "mySecretForPasswordReset"
     }
   },
   "geolocation": {