The settings are declared in YAML files inside the
The default settings used during development can be found in default.yml. When running tests, settings can be overridden in test.yml. For production we use production.yml to override settings.
The settings are organized in the following sections:
- jwtauth: settings for more.jwtauth identity_policy
- database: setup the database server
- smtp: setup the mail client
- token: tune token creation by the TokenService
You can also override settings for Morepath extensions with their corresponding
settings section. Like
which uses the
For a detailed description of 'more.jwtauth' settings take a look at the docs.
You should at least change the master_secret, and it's recommended to set different ones for default, test and production settings.
Auth-boilerplate uses an expiration_delta of 10 minutes and the default refresh_delta of 7 days. This means that the JWT token including user data gets refreshed after 10 minutes. When a user isn't active for 7 days, they will get logged out. Adjust these settings to your needs.
When allow_refresh is set to false, refreshing the JWT token is disabled.
When verify_expiration_on_refresh is set to true, you can refresh the token only if it's not yet expired.
Setup your database server. For details see the PonyORM documentation.
This section provides the parameters needed for setting up the database:
- provider - one of the following:
- other parameters specific for the chosen database provider
When overriding, parameters which are not needed anymore have
to be explicitly unset by setting them to
For development, auth-boilerplate uses SQLite with a file-based data store; for testing, SQLite with an in-memory database; and in production, PostgreSQL.
The configuration for the Yagmail SMTP client. For details see the Yagmail docs.
- username: the SMTP username - instead you can store the username in a .yagmail file in your home folder which contains just the email username
- password: the SMTP password - this can alternatively be stored in the keyring
- host: SMTP server host
- port: SMTP port
- starttls: use STARTTLS (boolean)
- ssl: use SSL (boolean)
- skip_login: skip SMTP login (boolean)
Configuration for the TokenService.
- secret: the secret for creating the token
- max_age: time in seconds after which the token expires
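The following added example (not part of auth-boilerplate) audits the effective settings of each environment for the points made in the jwtauth, smtp and token sections above: secrets shared between default, test and production, and SMTP logins sent without SSL or STARTTLS. The dicts stand in for the parsed YAML files; all values, the 32-character threshold, the key-by-key merge, the delta values given in seconds, and applying the "different secrets" rule to token.secret as well are assumptions of the example.

```python
# Added example. The dicts stand in for parsed default.yml, test.yml and
# production.yml; every value is constructed. MIN_SECRET_LEN is this
# example's own threshold, and the key-by-key merge is an assumption.
MIN_SECRET_LEN = 32

DEFAULT = {
    "jwtauth": {"master_secret": "constructed-dev-master-secret-0123456789",
                "allow_refresh": True, "expiration_delta": 600, "refresh_delta": 604800},
    "smtp": {"host": "smtp.example.org", "port": 587,
             "starttls": True, "ssl": False, "skip_login": False},
    "token": {"secret": "constructed-dev-token-secret-0123456789", "max_age": 3600},
}
TEST = {"smtp": {"starttls": False, "skip_login": True}, "token": {"secret": "short"}}
PRODUCTION = {
    "jwtauth": {"master_secret": "constructed-prod-master-secret-0123456789"},
    "smtp": {"starttls": False},
    "token": {"secret": "constructed-prod-token-secret-0123456789"},
}

def effective(default, override):
    """Layer an override file over default.yml, key by key within each section."""
    merged = {section: dict(values) for section, values in default.items()}
    for section, values in override.items():
        merged.setdefault(section, {}).update(values)
    return merged

def audit(envs):
    """envs maps environment name -> effective settings; returns sorted findings."""
    findings, seen = set(), {}  # seen: secret value -> first (env, key) using it
    for env, cfg in envs.items():
        jwt, smtp, token = (cfg.get(s, {}) for s in ("jwtauth", "smtp", "token"))
        for key, value in (("jwtauth.master_secret", jwt.get("master_secret")),
                           ("token.secret", token.get("secret"))):
            if not value or len(value) < MIN_SECRET_LEN:
                findings.add(f"{env}: {key} missing or shorter than {MIN_SECRET_LEN} chars")
            if value and seen.setdefault(value, (env, key)) != (env, key):
                findings.add(f"{env}: {key} reuses the value of {' '.join(seen[value])}")
        exp, ref = jwt.get("expiration_delta"), jwt.get("refresh_delta")
        if jwt.get("allow_refresh") and exp and ref and exp >= ref:
            findings.add(f"{env}: expiration_delta is not shorter than refresh_delta")
        # Without ssl or starttls the SMTP login travels over an unencrypted connection.
        if not (smtp.get("ssl") or smtp.get("starttls") or smtp.get("skip_login")):
            findings.add(f"{env}: SMTP login without ssl or starttls")
    return sorted(findings)

ENVS = {"default": DEFAULT, "test": effective(DEFAULT, TEST),
        "production": effective(DEFAULT, PRODUCTION)}
if __name__ == "__main__":
    print("\n".join(audit(ENVS)))
```

With the constructed data, test.yml inherits the development master_secret and production.yml turns off STARTTLS without enabling SSL, so both are reported.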