JWT claims and Algorithm/key control

[elisandroesp]

Hi!

We loved the new JWT implementation, although we saw a couple issues with the generated JWT claims:

• There is no sub claim (instead you have 'data', but no user id in it).
• The token might be consumed in other systems. perhaps we could have a few variables here and there to have control over the token variables: JWT_ALGORITHM, JWT_KEY (to be used instead of the APP_KEY), JWT_TTL, JWT_REFRESH_TTL, JWT_LEEWAY

This would expand its usage and give devs a lot more control.

Best regard, Elisandro

[daftspunk]

Thanks fo the suggestions @elisandroesp

Sub claim added in 827bdb793e9e7da86add94b5efaafd43a5f2b3cf Config added in ab09faadbb53d5e23d01f0b57acdca3aa61ae4f3

The refresh TTL should be sent as plaintext alongside the token response for the client to manage.

Feel free to test this on the dev-master branch.