.env.example

# APPLICATION
APPLICATION_TITLE="FastAPI Nested JWT Authentication"
APPLICATION_SUMMARY="Complete FastAPI JWT authentication example using Nested JWT (JWS + JWE), rotating access/refresh tokens, token blacklist and revocation on logout, secure HttpOnly cookies, and production-focused security best practices for modern backend authentication."
APPLICATION_DESCRIPTION="### 🔐 FastAPI Nested JWT Authentication

This project provides a complete example of building secure authentication in FastAPI using Nested JWT (JWS + JWE), combining signed and encrypted tokens for stronger protection of authentication data. It is ideal for developers looking to implement production-ready authentication flows with modern backend security best practices.

This project includes:

- **FastAPI**: A modern, high-performance web framework for building APIs with Python.
- **Nested JWT (JWS + JWE)**: Signed and encrypted JWT tokens for integrity, authenticity, and confidentiality.
- **Access and Refresh Tokens**: Secure token-based authentication with short-lived access tokens and rotating refresh tokens.
- **Token Rotation**: Refresh token rotation to reduce replay risks and improve session security.
- **Token Revocation and Blacklist**: Support for token invalidation on logout and blacklist-based blocking of compromised tokens.
- **Secure Cookies**: Authentication handled through secure, HttpOnly cookies instead of exposing tokens in responses.
- **Claims Validation**: Strict validation of token claims such as issuer, audience, expiration, and token identifiers.
- **Security Best Practices**: Designed around practical authentication hardening strategies for real-world backend applications.

Ideal for learning and implementing robust, secure JWT authentication in FastAPI.
"
APPLICATION_VERSION="1.0.0"
APPLICATION_CONTACT_NAME="Bruno Tanabe"
APPLICATION_CONTACT_URL="https://github.com/BrunoTanabe"
APPLICATION_CONTACT_EMAIL="tanabebruno@gmail.com"
APPLICATION_CONTACT_PHONE="+55 (12) 98844-1848"
APPLICATION_PORT=8000
APPLICATION_ENVIRONMENT="dev"
APPLICATION_CONNECT_TIMEOUT_SECONDS=30
APPLICATION_URL="http://localhost:8000"
APPLICATION_TABLE_PREFIX="fastapi_nested_jwt_authentication"

# AUTH
AUTH_BEARER_TOKEN_SCHEME_NAME="BearerAuth"
AUTH_BEARER_TOKEN_SCHEME_DESCRIPTION="Bearer token authentication using JWT."
AUTH_API_KEY_SCHEME_NAME="ApiKeyAuth"
AUTH_API_KEY_SCHEME_DESCRIPTION="API key authentication using the X-API-Key header."
AUTH_API_KEY_HEADER="X-API-Key"
AUTH_API_KEY_HEADER_DESCRIPTION="API key to access the application. This key is used to authenticate requests to the API."

# COOKIES
COOKIES_MAX_AGE_SECONDS=
COOKIES_TOKEN_TYPE_KEY=
COOKIES_ACCESS_TOKEN_KEY=
COOKIES_ACCESS_TOKEN_PATH=
COOKIES_REFRESH_TOKEN_KEY=
COOKIES_REFRESH_TOKEN_PATH=
COOKIES_DEVICE_KEY=
COOKIES_DOMAIN=

# JWT
JWT_ISSUER=
JWT_AUDIENCE=
JWT_SIGNING_KEY_PASSWORD=
JWT_ENCRYPTION_KEY_PASSWORD=
JWT_SIGNING_PRIVATE_KEY_PATH=secrets/keys/signing-private.pem
JWT_SIGNING_PUBLIC_KEY_PATH=secrets/keys/signing-public.pem
JWT_ENCRYPTION_PRIVATE_KEY_PATH=secrets/keys/encryption-private.pem
JWT_ENCRYPTION_PUBLIC_KEY_PATH=secrets/keys/encryption-public.pem
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=
JWT_REFRESH_TOKEN_EXPIRE_DAYS=
JWT_HASH_FINGERPRINT=

# LOGS
LOGS_NAME="fastapi-nested-jwt-authentication"
LOGS_PATH="logs"
LOGS_LEVEL="INFO"
LOGS_REQUEST_ID_LENGTH=8
LOGS_PYGMENTS_STYLE="monokai"

# POSTGRESQL
POSTGRESQL_DATABASE=
POSTGRESQL_USERNAME=
POSTGRESQL_PASSWORD=
POSTGRESQL_PORT=
POSTGRESQL_HOST=

# PGADMIN
PGADMIN_EMAIL=
PGADMIN_PASSWORD=
PGADMIN_PORT=

# SECURITY SETTINGS
SECURITY_ALLOW_ORIGINS=
SECURITY_ALLOW_HEADERS=
SECURITY_ALLOW_METHODS=
SECURITY_EMAIL_ALLOWED_DOMAINS=
SECURITY_ADMIN_EMAIL=
SECURITY_ADMIN_PASSWORD=