You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/advanced-usage/authentication.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,15 +19,15 @@ You can generate a Bearer token using one of the `login` endpoints:
19
19
-**Basic Authentication:** If Basic Authentication is enabled, authenticate via `POST /api/auth/basic/login` with your username and password.
20
20
-**OAuth2 Authentication:** If [OAuth2 authentication](#setting-up-oauth2-authentication-single-sign-on) is enabled, authenticate via `GET /api/auth/oauth2/login` through your configured identity provider.
21
21
22
-
Generated access tokens are valid for **1 hour**, and refresh tokens for **30 days**. These durations can be adjusted on the [Configuration](../server-docs/configuration.md) page.
22
+
Generated access tokens are valid for **5 minutes**, and refresh tokens for **30 days**. These durations can be adjusted on the [Configuration](../server-docs/configuration.md) page.
23
23
24
24
### Refreshing Tokens
25
25
26
-
When your access token expires, request a new one using your refresh token via the endpoint `POST /api/auth/refresh`.
26
+
When your access token expires, request a new token pair using your refresh token by calling the `POST /api/auth/refresh` endpoint with your refresh token. Your current refresh token will be invalid after this call so make sure to always use the token received from the response for future token refreshes.
27
27
28
28
### Revoking Tokens
29
29
30
-
You can revoke a token using the `POST /api/auth/revoke`. This will effectively log out the user by removing the token from the database and invalidating it.
30
+
You can revoke a token by calling the `POST /api/auth/revoke` endpoint with your refresh token. This will effectively log out the user, by blocking future token refreshes.
31
31
32
32
## Setting Up OAuth2 Authentication (Single Sign-On)
Copy file name to clipboardExpand all lines: docs/intro.md
+25-19Lines changed: 25 additions & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,33 +27,39 @@ Let's take a look at all the main functions of GameVault:
27
27
### Client Features
28
28
29
29
- 🔎 [Browse your server's game collection](./client-docs/gui#library)
30
-
- 📥 [Download your games from your server](./client-docs/how-to-use#downloading-games)
31
-
- ⚙️ [Automatically extract and install games](./client-docs/how-to-use#1-extracting-the-game)
32
-
- 🎮 [Launch and play the games on your PC](./client-docs/how-to-use#playing-a-game)
33
-
- ⏱️ [Track playtimes and progress (even when the server is offline)](./client-docs/how-to-use#tracking-your-game-progress)
34
-
- 👥 [Compare game progress with other users on the server](./client-docs/gui#community)
35
-
- ✏️ [Edit any game metadata](./client-docs/gui#metadata)
36
-
- 🔒 [Manage your users and games with a powerful Admin UI](./client-docs/gui#administration)
30
+
- 📥 [Download games from your server](./client-docs/how-to-use#downloading-games)
31
+
- ⚙️ [Automatic game extraction and installation](./client-docs/how-to-use#1-extracting-the-game)
32
+
- 🎮 [Launch and play games on your Computer](./client-docs/how-to-use#playing-a-game)
33
+
- ⏱️ [Track playtime and progress (works offline)](./client-docs/how-to-use#tracking-your-game-progress)
34
+
- 👥 [Compare game progress with other users](./client-docs/gui#community)
35
+
- ✏️ [Edit game metadata](./client-docs/gui#metadata)
36
+
- 🔒 [Manage users and games through Admin UI](./client-docs/gui#administration)
37
+
- 🎥 [Built-in media player for trailers and gameplay videos](./client-docs/gui#game)
38
+
- 🎨 [Themes](./client-docs/gui#application)
37
39
38
40
### Server Features
39
41
40
-
- ♻️ [Automatic indexer to sync games from the file system into the database](./server-docs/indexing.md)
41
-
- 📚 [Automatic enrichment of games with metadata, box arts, tags, genres, description and more using various APIs](./server-docs/metadata-enrichment/metadata.md)
- Visit our [GameVault+](./gamevault-plus/introduction.md) page to learn more about our premium features.
55
61
56
-
## Support
62
+
## Support Us
57
63
58
64
We're working hard in our free time to provide you, your friends, and families with the best self-hosted gaming experience. It would mean a lot to us if you could support us developers by [getting GameVault+](./gamevault-plus/introduction.md).
|`AUTH_SEED` ` | Random seed for generating tokens. Generated automatically if not set. | Hash of any credential in the config. | Any random string, it doesn't matter what it says, or how long it is. |
127
-
|`AUTH_ACCESS_TOKEN_EXPIRES_IN`| Specifies how long an access token is valid. |`1h`| A valid [ms-format](https://github.com/vercel/ms) string (e.g. "1h", "30m") |
127
+
|`AUTH_ACCESS_TOKEN_EXPIRES_IN`| Specifies how long an access token is valid. |`5m`| A valid [ms-format](https://github.com/vercel/ms) string (e.g. "1h", "30m") |
128
128
|`AUTH_REFRESH_TOKEN_EXPIRES_IN`| Specifies how long a refresh token is valid. |`30d`| A valid [ms-format](https://github.com/vercel/ms) string (e.g. "1h", "30m") |
129
129
|`AUTH_BASIC_AUTH_ENABLED`| Enables or disables Basic Auth. Disabling this will disable registering and logging in using username and password. |`true`|`true`, `false`|
130
130
|`AUTH_OAUTH2_ENABLED`| Enables or disables OAuth2 integration. |`false`|`true`, `false`|
0 commit comments