Merge pull request #6315 from strapi/jwtconfig

Add JWT configurations

docs/3.0.0-beta.x/plugins/users-permissions.md

@@ -74,6 +74,26 @@ axios
   });
 ```
 
+### JWT configuration
+
+You can configure option for the JWT generation by creating `extensions/users-permissions/config/security.json` file.
+We are using [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) to generate the JWT.
+
+Available options:
+
+- `expiresIn`: expressed in seconds or a string describing a time span zeit/ms.<br>
+  Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").
+
+**Path —** `extensions/users-permissions/config/security.json`
+
+```json
+{
+  "jwt": {
+    "expiresIn": "1d"
+  }
+}
+```
+
 ### Registration
 
 Creates a new user in the database with a default role as 'registered'.

packages/strapi-plugin-users-permissions/config/security.json

@@ -0,0 +1,5 @@
+{
+  "jwt": {
+    "expiresIn": "30d"
+  }
+}

packages/strapi-plugin-users-permissions/services/Jwt.js

@@ -9,8 +9,6 @@
 const _ = require('lodash');
 const jwt = require('jsonwebtoken');
 
-const defaultJwtOptions = { expiresIn: '30d' };
-
 module.exports = {
   getToken(ctx) {
     const params = _.assign({}, ctx.request.body, ctx.request.query);
@@ -41,7 +39,7 @@ module.exports = {
   },
 
   issue(payload, jwtOptions = {}) {
-    _.defaults(jwtOptions, defaultJwtOptions);
+    _.defaults(jwtOptions, strapi.plugins['users-permissions'].config.jwt);
     return jwt.sign(
       _.clone(payload.toJSON ? payload.toJSON() : payload),
       _.get(strapi.plugins, ['users-permissions', 'config', 'jwtSecret']),