Reset Password

The Reset Password Identity Validation implementation ensures that users cannot perform a reset password flow without first ensuring the user is adequately identified. The settings below therefore can affect the level of security Authelia provides to your users so they should be carefully considered.

This process is performed by issuing a HMAC signed JWT using a secret key only known by Authelia.


Example Configuration

This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.

    jwt_lifespan: '5 minutes'
    jwt_algorithm: 'HS256'
    jwt_secret: ''


This section describes the individual configuration options.


string integer duration 5 minutes not required

Reference Note

This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.

The lifespan of the JSON Web Token after it’s initially generated after which it’s considered invalid.


string HS256 not required

The JSON Web Token Algorithm used to sign the JWT. Must be HS256, HS384, or HS512.


string required

The secret used with the HMAC algorithm to sign the JWT.