State Based

This handler (com.rierino.handler.auth.StatesAuthEventHandler) provides a state based implementation of AuthEventHandler, using existing states as credential store with salted passwords.

This handler uses the following extra configurations and parameters:

Handler Parameters

Parameter

Definition

Example

Default

auth.state

Name of state manager to store credentials

auth_store

auth.secret

Secret used for hashing passwords and tokens

auth.expiration

Seconds for expiration of any new access token

900

600

auth.refreshExpiration

Seconds for expiration of refresh tokens

9000

6000

auth.iterations

Number of iterations to salt passwords

auth.saltLength

Length of the salt string

auth.keyLength

Key length for PBKDF2 algorithms

1024

512

auth.algorithm

Hashing algorithm to use for storing passwords

PBKDF2WithHmacSHA256

auth.issuer

Name of issuer to include in generated tokens

Rierino

Actions

Extra event metadata parameters for this action are as follows:

Parameter

Definition

Example

Default

expiration

Seconds for expiration of access token for a specific login action

1200

Handler's configuration

Refresh

Extra event metadata parameters for this action are as follows:

Parameter

Definition

Example

Default

allowUnregistered

Whether refresh tokens should be valid if they don't belong to users in auth.state

true

false

Allowing unregistered user refresh can be used in scenarios where user registration is optional and stateless authentication mechanisms are used (e.g. OTP only login without accounts).

PreviousNo Authentication NextKeycloak Based

Last updated 4 months ago

Handler Parameters

Actions

Login

Refresh