QWC DB authentication service
Type: objectJSON Schema
Type: stringFormat: uri Default: "https://raw.githubusercontent.com/qwc-services/qwc-db-auth/master/schemas/qwc-db-auth.json"Reference to JSON schema of this config
Service name
Type: constSpecific value:
"db-auth"
Config options
Type: objectDB connection URL
The name of the DB schema which stores the qwc config. Default: qwc_config
Min password length. Default: 8
Max password length, or -1
to disable. Default: -1
List of RegExes for additional password constraints. Default: []
Each item of this array must be:
Min number of password_constraints to match for password to be valid. Default: 0
Validation message if password constraints are not met. Default: Password does not match constraints
Number of days until password expires, or -1
to disable. Default: -1
Show an expiry notice within this number of days before a password expires, or -1
to disable. Default: -1
Min number of seconds before password may be changed again, or -1 to disable. Default: -1
Set whether previous passwords may be reused or not. Default: true
List of user info fields to include in JWT identity. Default: []
Each item of this array must be:
URL to a logo image to show in the login form. Default: null
URL to a background image for the login page. Default: null
URL of custom stylesheet. Default: null
URL to terms of use. Default: null
Login hint text, shown above login form fields. Either a string, or dictionary {"<lang>": "<text>"}
. When providing a dictionary, the entry matching the current locale will be searched, with fallback to en
if no entry for the current locale exists, and fallback to an empty string if no en
entry exists. Default: null
All properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:^[a-z]{2}$
Type: string
Whether 'username' and 'password', and possibly additional parameters, are passed as POST parameters. Additional parameters are appended to the target url query. Default: false
Maximum login attempts before login is blocked. Default: 20
Enable two factor authentication using TOTP. Default: false
Whether to enable two-factor authentication using TOTP for admin. Default: false
Issuer name for QR code URI. Default: QWC Services
How many seconds an IP will remain in the blacklist. See also ip_blacklist_max_attempt_count
. Default: 300
After how many failed login attempts an IP will be blacklisted. Should be less than max_login_attempts
. See also ip_blacklist_duration
. Default: 10
Whether to force users to change the password on first login. Default: false