Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-01-30 11:19:08 +01:00
Code Issues Packages Projects Releases Activity

Remove obsolete documentation

Browse Source 
Squash commits of branch feature/doc_jwt:

- Remove obsolete documentation
This commit is contained in:
Florian Scholdei
2025-03-20 09:09:12 +01:00
parent 4705e64042
commit 09be4d7815
2 changed files with 1 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
docs/en/administration/jwt-configuration.md
View File

@@ -1,26 +0,0 @@
---
title: JWT Configuration
---
SCM-Manager uses [JWT](https://datatracker.ietf.org/doc/html/rfc7519) to authenticate its users.
The creation of JWTs can be controlled via Java system properties.
## Endless JWT
Usually a JWT contains the exp claim. This claim determines how long a JWT is valid by defining an expiration time.
If the JWT does not contain this claim, then the JWT is valid forever until the secret for the signature changes.
Per default the JWT created by the SCM-Manager contain the exp claim with a duration of one hour.
If needed, it is possible to configure the SCM-Manager, so that the JWT get created without the exp claim.
Therefore, the user session would be endless.
We advise **against** this behavior, because limited lifespans for JWT improve security.
But if you really need it, you can enable endless JWT by starting the SCM-Manager with this flag:
```
-Dscm.endlessJwt="true"
```
If you want to disable the feature, then restart the SCM-Manager without this flag.
If you want to invalidate already created endless JWT, then restarting the SCM-Manager, with the endless JWT feature disabled, is enough.
The SCM-Manager will automatically create new secrets for the JWT and therefore invalidate every already existing JWT.

2
scm-ui/ui-webapp/public/locales/en/config.json
View File

@@ -28,7 +28,7 @@
"jwtSettings": {
"subtitle": "JWT Settings",
"label": "Expiration time",
"help": "Set the JWT expiration time in hours. If you want to set the time to endless consider the 'endlessJWT' option inside the 'config.yml'.",
"help": "Set the JWT expiration time in hours. If you want to set the time to endless consider the 'endlessJwt' option inside the 'config.yml'.",
"hoursWarning": "It is not recommended to set the expiration time over 24 hours.",
"endlessWarning": "The expiration time is set to endless."
},