docs/content/configuration/identity-validation/reset-password.md
The Reset Password Identity Validation implementation ensures that users cannot perform a reset password flow without first ensuring the user is adequately identified. The settings below therefore can affect the level of security Authelia provides to your users so they should be carefully considered.
Authelia performs this process by issuing a HMAC signed JWT. The JWT is serialized and generated by Authelia itself, the admin must only provide a secret random string known as the jwt_secret.
{{< config-alert-example >}}
identity_validation:
reset_password:
jwt_secret: ''
jwt_lifespan: '5 minutes'
jwt_algorithm: 'HS256'
This section describes the individual configuration options.
{{< confkey type="string" required="yes" >}}
The secret used with the HMAC algorithm to sign the JWT. This value should be an arbitrary random string with printable ASCII characters.
It is strongly recommended this is a Random Alphanumeric String with 64 or more characters.
{{< confkey type="string,integer" syntax="duration" default="5 minutes" required="no" >}}
The lifespan of the JSON Web Token after it's initially generated after which it's considered invalid.
{{< confkey type="string" default="HS256" required="no" >}}
The JSON Web Token Algorithm used to sign the JWT. Must be HS256, HS384, or HS512.