# User Management

  • DF_LOGIN_ATTRIBUTE: By default DreamFactory uses an email address for user authentication. You can change this to use username instead by setting this to 'username'
  • DF_CONFIRM_CODE_LENGTH: New user confirmation code length. Max/Default is 32. Minimum is 5
  • DF_CONFIRM_CODE_TTL: Confirmation code expiration. Default is 1440 minutes (24 hours)
  • DF_ALLOW_FOREVER_SESSIONS: false
  • JWT_SECRET: If a separate encryption salt is required for JSON Web Tokens, place it here. Defaults to the APP_KEY setting
  • DF_JWT_TTL: The time-to-live for JSON Web Tokens, i.e. how long each token will remain valid to use
  • DF_JWT_REFRESH_TTL: The time allowed in which a JSON Web Token can be refreshed from its origination
  • DF_CONFIRM_RESET_URL: Application path to where password resets are to be handled
  • DF_CONFIRM_INVITE_URL: Application path to where invited users are to be handled
  • DF_CONFIRM_REGISTER_URL: Application path to where user registrations are to be handled