Authentication Configuration
The following is a list of all the preferences that can be set in application/config/authentication.lc:
Preference | Default Value | Options | Description |
---|---|---|---|
sAuthenticationConf["dbGroup"] | | None | The name of the database group used for authentication. Leave empty if you would like to use the active group as specified in the database configuration file. |
sAuthenticationConf["tables"]["users"] | Users | None | The table name to use for the users table. |
sAuthenticationConf["tables"]["groups"] | Groups | None | The table name to use for the groups table. |
sAuthenticationConf["tables"]["usersGroups"] | UsersGroups | None | The table name to use for the users groups table. |
sAuthenticationConf["tables"]["loginAttempts"] | LoginAttempts | None | The table name to use for the login attempts table. |
sAuthenticationConf["join"]["users"] | userId | None | Users table column you want to join WITH. |
sAuthenticationConf["join"]["groups"] | groupId | None | Group table column you want to join WITH. |
sAuthenticationConf["cipher"] | bf | See LiveCode's cipherNames() function. | Cipher used to encrypt passwords (see revIgniter's Encryption Library). |
sAuthenticationConf["hashType"] | | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512. Note: All types but SHA-1 require LC server 9.0.0 dp 7 or higher. | Hash type to be used by the encryption library (see revIgniter's Encryption Library). The default value is empty, which means SHA-1 will be used. This is for backwards compatibility. If you use server version 9.0.0 dp 7 or higher, please choose a more secure flavor. |
sAuthenticationConf["keyLength"] | 128 | See LiveCode's cipherNames() function. | Key length used to encrypt passwords (see revIgniter's Encryption Library). |
sAuthenticationConf["authEncryptionKey"] | myKey | None | Authentication encryption key (see revIgniter's Encryption Library). |
sAuthenticationConf["useAuthEncryptionKey"] | TRUE | TRUE or FALSE (boolean) | Set this to FALSE if you prefer to use revIgniter's universal encryption key as set in config.lc. |
sAuthenticationConf["siteTitle"] | Example.com | None | The title of your site, used for email. |
sAuthenticationConf["adminEmail"] | admin@example.com | None | Your administrator email address. |
sAuthenticationConf["minLengthPassword"] | 8 | None | Minimum required password length. |
sAuthenticationConf["maxLengthPassword"] | 20 | None | Maximum allowed password length. |
sAuthenticationConf["emailActivation"] | TRUE | TRUE or FALSE (boolean) | Sets whether to require email user activation or not. |
sAuthenticationConf["manualActivation"] | FALSE | TRUE or FALSE (boolean) | Sets whether to require manual user activation or not. |
sAuthenticationConf["identityColumn"] | | None | Column to use for uniquely identifying users logging in etc. You should add an index in the users table for whatever you set this option to. |
sAuthenticationConf["defaultGroup"] | members | None | Name of the default user group. |
sAuthenticationConf["defaultAdminGroup"] | admin | None | Name of the admin group. |
sAuthenticationConf["rememberUsers"] | TRUE | TRUE or FALSE (boolean) | Allow users to be remembered and enable auto-login. |
sAuthenticationConf["autoLoginExpire"] | 129600 | None | How long to remember the user for in seconds. Set to zero for no expiration. |
sAuthenticationConf["userExtendOnLogin"] | FALSE | TRUE or FALSE (boolean) | Extend the user's session expiration every time they auto-login. |
sAuthenticationConf["trackLoginAttempts"] | TRUE | TRUE or FALSE (boolean) | Track the number of failed login attempts for each user or IP. |
sAuthenticationConf["maxLoginAttempts"] | 3 | None | The maximum number of failed login attempts. This maximum is not enforced by the library. If set to 0, there is no maximum. |
sAuthenticationConf["forgotPasswordExpiration"] | 0 | None | The number of seconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire. |
sAuthenticationConf["enableAuthenticationHooks"] | FALSE | TRUE or FALSE (boolean) | Enable / disable authentication "hooks". |
sAuthenticationConf["sendEmails"] | TRUE | TRUE or FALSE (boolean) | Send emails using revIgniter's Email.lc library. FALSE means the library returns identity, user id, email address and activation code. |
sAuthenticationConf["emailConfig"] | mailtype: html, protocol: sendmail | file or revIgniter's Email Library prefs | Use "file" if you want emails to be sent using revIgniter's default configuration or, if present, an email config file. Use an array to manually set your email configuration. |
sAuthenticationConf["pathToEmailTemplates"] | | None | Path to your authentication mail templates relative to application/views/. Leave this BLANK unless you would like to set something other than the default emailTemplates/ folder. |
sAuthenticationConf["emailActivate"] | authActivate.lc | None | Name of your account activation email template. |
sAuthenticationConf["emailForgotPassword"] | forgotPassword.lc | None | Name of your forgotten password email template. |
sAuthenticationConf["messagePrefix"] | <p> | None | Starting delimiter for authentication related messages. |
sAuthenticationConf["messageSuffix"] | </p> | None | Ending delimiter for authentication related messages. |
sAuthenticationConf["errorPrefix"] | <p> | None | Starting delimiter for authentication related error messages. |
sAuthenticationConf["errorSuffix"] | </p> | None | Ending delimiter for authentication related error messages. |
OTP preferences used for two-factor authentication:
Preference | Default Value | Options | Description |
---|---|---|---|
sAuthenticationConf["otpEnabled"] | FALSE | TRUE or FALSE (boolean) | Determines the activation of OTP features. |
sAuthenticationConf["tables"]["otp"] | otp | None | The name of the table used for storing shared secrets. |
sAuthenticationConf["otpIssuer"] | The Issuer | None | A string identifying a provider or service managing the user's account. Used to prevent collisions in case the same account is used for different providers. |
sAuthenticationConf["otpAlgo"] | SHA1 | SHA1, SHA256 or SHA512 | The type of cryptographic message digest the OTP algorithm is based on. |
sAuthenticationConf["otpDigits"] | 6 | 6 or 8 | Determines the length of an OTP. |
sAuthenticationConf["otpPeriod"] | 30 | None | Defines a period that a TOTP code will be valid for. |
sAuthenticationConf["otpTimeWindow"] | 2 | None | A delay window to compare OTPs not only in the current period but also with the next and previous time steps. |
sAuthenticationConf["otpQRecc"] | M | L, M, Q, H or X | QR code error correction. |
sAuthenticationConf["otpQRsize"] | 4 | 1 to 10 inclusively | Size of the QR code displayed. |
sAuthenticationConf["otpQRmask"] | Auto | 1 to 7 inclusively or Auto | QR code mask pattern. |
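
How otpAlgo, otpDigits, otpPeriod and otpTimeWindow interact in an RFC 6238 check, as an added Python example that is not revIgniter's own code. It assumes otpTimeWindow counts time steps on each side of the current one (with the defaults, a code is then accepted for 5 steps, i.e. 150 seconds); the `last_step` replay check, the function names and the RFC test secret are additions for illustration.

```python
import hashlib
import hmac
import struct

# Defaults taken from the OTP preference table above.
OTP_ALGO = "SHA1"        # otpAlgo
OTP_DIGITS = 6           # otpDigits
OTP_PERIOD = 30          # otpPeriod (RFC 6238 time step, seconds)
OTP_TIME_WINDOW = 2      # otpTimeWindow; ASSUMED to mean steps on each side

# Constructed sample input: the published RFC 6238 test secret, not a real key.
SECRET = b"12345678901234567890"


def totp(secret, unix_time, algo=OTP_ALGO, digits=OTP_DIGITS, period=OTP_PERIOD):
    """Return the RFC 6238 code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, getattr(hashlib, algo.lower())).digest()
    offset = mac[-1] & 0x0F                        # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, now, last_step=None, window=OTP_TIME_WINDOW,
           algo=OTP_ALGO, digits=OTP_DIGITS, period=OTP_PERIOD):
    """Return the matching time step, or None if the code is rejected.

    Every step from current-window to current+window is checked. A step at or
    before last_step (the step of the last accepted code, stored per user by
    the caller) is refused so a captured code cannot be replayed.
    """
    current = now // period
    matched = None
    for step in range(current - window, current + window + 1):
        candidate = totp(secret, step * period, algo, digits, period)
        fresh = last_step is None or step > last_step
        # compare_digest avoids leaking the match position through timing.
        if hmac.compare_digest(candidate, code) and fresh:
            matched = step
    return matched


def acceptance_seconds(window=OTP_TIME_WINDOW, period=OTP_PERIOD):
    """Total time a single code stays valid for a given window and period."""
    return (2 * window + 1) * period
```
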
Note: If security is essential, think about enabling CSRF cookies in application/config/config.lc.