Reset Password

The Reset Password Identity Validation implementation ensures that users cannot perform a reset password flow without first ensuring the user is adequately identified. The settings below therefore can affect the level of security Authelia provides to your users so they should be carefully considered.

This process is performed by issuing a HMAC signed JWT using a secret key only known by Authelia.

Configuration

Example Configuration

This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.

identity_validation:
  reset_password:
    jwt_lifespan: '5 minutes'
    jwt_algorithm: 'HS256'
    jwt_secret: ''

Options

This section describes the individual configuration options.

jwt_lifespan

string integer duration 5 minutes not required

Reference Note

This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.

The lifespan of the JSON Web Token after it’s initially generated after which it’s considered invalid.

jwt_algorithm

string HS256 not required

The JSON Web Token Algorithm used to sign the JWT. Must be HS256, HS384, or HS512.

jwt_secret

string required

The secret used with the HMAC algorithm to sign the JWT.

It’s strongly recommended this is a Random Alphanumeric String with 64 or more characters.

Last updated on October 24, 2024

Edit this page on GitHub

Elevated Session

Session

Reset Password

Configuration#

Options#

jwt_lifespan#

jwt_algorithm#

jwt_secret#

Configuration

Options

jwt_lifespan

jwt_algorithm

jwt_secret