add docs configuration options

Author: IndominusByte

README.md

@@ -5,7 +5,7 @@
 [![Build Status](https://travis-ci.org/IndominusByte/fastapi-jwt-auth.svg?branch=master)](https://travis-ci.org/IndominusByte/fastapi-jwt-auth)
 [![Coverage Status](https://coveralls.io/repos/github/IndominusByte/fastapi-jwt-auth/badge.svg?branch=master)](https://coveralls.io/github/IndominusByte/fastapi-jwt-auth?branch=master)
 [![PyPI version](https://badge.fury.io/py/fastapi-jwt-auth.svg)](https://badge.fury.io/py/fastapi-jwt-auth)
-[![Downloads](https://pepy.tech/badge/fastapi-jwt-auth)](https://pepy.tech/project/fastapi-jwt-auth)
+[![Downloads](https://static.pepy.tech/personalized-badge/fastapi-jwt-auth?period=total&units=international_system&left_color=grey&right_color=brightgreen&left_text=Downloads)](https://pepy.tech/project/fastapi-jwt-auth)
 
 ---
 

docs/configuration/cookies.md

@@ -1,23 +1,33 @@
+These are only applicable if `authjwt_token_location` is use cookies.
+
 `authjwt_access_cookie_key`
-:   is simply dummy text of the printing and typesetting industry
+:   The key of the cookie that holds the access token. Defaults to `access_token_cookie`
 
 `authjwt_refresh_cookie_key`
-:   is simply dummy text of the printing and typesetting industry
+:   The key of the cookie that holds the refresh token. Defaults to `refresh_token_cookie`
 
 `authjwt_access_cookie_path`
-:   is simply dummy text of the printing and typesetting industry
+:   What path should be set for the access cookie. Defaults to `'/'`, which will cause this
+    access cookie to be sent in with every request.
 
 `authjwt_refresh_cookie_path`
-:   is simply dummy text of the printing and typesetting industry
+:   What path should be set for the refresh cookie. Defaults to `'/'`, which will cause this
+    refresh cookie to be sent in with every request. 
 
 `authjwt_cookie_max_age`
-:   is simply dummy text of the printing and typesetting industry
+:   If you don't set anything else, the cookie will expire when the browser is closed. Defaults to
+    `None`, to prevent this set expiration to `int` (expressed in a number of seconds).
 
 `authjwt_cookie_domain`
-:   is simply dummy text of the printing and typesetting industry
+:   The domain can be used to specify a domain and subdomain for your cookies.
+    Defaults to `None` which sets this cookie to only be readable by the domain that set it. 
 
 `authjwt_cookie_secure`
-:   is simply dummy text of the printing and typesetting industry
+:   If the secure flag is `True` cookie can only be transmitted securely over HTTPS,
+    and it will not be sent over unencrypted HTTP connections. Defaults to `False`, but in
+    production this should likely be set to `True`
 
 `authjwt_cookie_samesite`
-:   is simply dummy text of the printing and typesetting industry
+:   The browser sends the cookie with both cross-site and same-site requests.
+    Set to `'lax'` in production to improve protection for CSRF attacks. Defaults to `None`,
+    which means cookies are always sent through external or internal site. 

docs/configuration/csrf.md

@@ -1,23 +1,23 @@
 `authjwt_cookie_csrf_protect`
-:   is simply dummy text of the printing and typesetting industry
+:   Enable/disable CSRF protection when using cookies. Defaults to `True`
 
 `authjwt_access_csrf_cookie_key`
-:   is simply dummy text of the printing and typesetting industry
+:   Key of the CSRF access cookie. Defaults to `'csrf_access_token'`
 
 `authjwt_refresh_csrf_cookie_key`
-:   is simply dummy text of the printing and typesetting industry
+:   Key of the CSRF refresh cookie. Defaults to `'csrf_refresh_token'`
 
 `authjwt_access_csrf_cookie_path`
-:   is simply dummy text of the printing and typesetting industry
+:   Path for the CSRF access cookie. Defaults to `'/'`
 
 `authjwt_refresh_csrf_cookie_path`
-:   is simply dummy text of the printing and typesetting industry
+:   Path for the CSRF refresh cookie. Defaults to `'/'`
 
 `authjwt_access_csrf_header_name`
-:   is simply dummy text of the printing and typesetting industry
+:   Name of the header that should contain the CSRF double submit value for access tokens. Defaults to `X-CSRF-TOKEN`
 
 `authjwt_refresh_csrf_header_name`
-:   is simply dummy text of the printing and typesetting industry
+:   Name of the header that should contains the CSRF double submit value for refresh tokens. Defaults to `X-CSRF-TOKEN`
 
 `authjwt_csrf_methods`
-:   is simply dummy text of the printing and typesetting industry
+:   The request methods that will use CSRF protection. Defaults to `{'POST','PUT','PATCH','DELETE'}` 

docs/configuration/denylist.md

@@ -1,5 +1,7 @@
 `authjwt_denylist_enabled`
-:   is simply dummy text of the printing and typesetting industry
+:   Enable/disable token revoking. Defaults to `False`
 
 `authjwt_denylist_token_checks`
-:   is simply dummy text of the printing and typesetting industry
+:   What token types to check against the denylist. The options are `access` or `refresh`.
+    You can pass in a sequence to check more than one type. Defaults to `{'access', 'refresh'}`.
+    Only used if deny listing is enabled. 

docs/configuration/general.md

@@ -1,35 +1,43 @@
 `authjwt_token_location`
-:   is simply dummy text of the printing and typesetting industry
+:   Where to look for a JWT when processing a request. The options are `headers` or `cookies`.
+    You can pass in a sequence to set more than one location `('headers','cookies')`. Defaults to `{'headers'}`
+    if you pass headers and cookies, headers are precedence.
 
 `authjwt_secret_key`
-:   is simply dummy text of the printing and typesetting industry
+:   The secret key needed for symmetric based signing algorithms, such as `HS*`. Defaults to `None`
 
 `authjwt_public_key`
-:   is simply dummy text of the printing and typesetting industry
+:   The public key needed for asymmetric based signing algorithms, such as `RS*` or `ES*`. PEM format expected.
+    Defaults to `None`
 
 `authjwt_private_key`
-:   is simply dummy text of the printing and typesetting industry
+:   The private key needed for asymmetric based signing algorithms, such as `RS*` or `ES*`. PEM format expected.
+    Defaults to `None`
 
 `authjwt_algorithm`
-:   is simply dummy text of the printing and typesetting industry
+:   Which algorithm to sign the JWT with. <a href="https://pyjwt.readthedocs.io/en/latest/algorithms.html">See here</a>
+    for the options. Defaults to `HS256`
 
 `authjwt_decode_algorithms`
-:   is simply dummy text of the printing and typesetting industry
+:   Which algorithms are allowed to decode a JWT. Defaults to a list with only the algorithm set in `authjwt_algorithm`
 
 `authjwt_decode_leeway`
-:   is simply dummy text of the printing and typesetting industry
+:   Define the leeway part of the expiration time definition, which means you can validate an expiration
+    time which is in the past but not very far. Defaults to `0`
 
 `authjwt_encode_issuer`
-:   is simply dummy text of the printing and typesetting industry
+:   Define the issuer to set the issuer in JWT claims, only access token have issuer claim. Defaults to `None`
 
 `authjwt_decode_issuer`
-:   is simply dummy text of the printing and typesetting industry
+:   Define the issuer to check the issuer in JWT claims, only access token have issuer claim. Defaults to `None`
 
 `authjwt_decode_audience`
-:   is simply dummy text of the printing and typesetting industry
+:   The audience or list of audiences you expect in a JWT when decoding it. Defaults to `None`
 
 `authjwt_access_token_expires`
-:   is simply dummy text of the printing and typesetting industry
+:   How long an access token should live before it expires. This takes value `integer` *(seconds)* or
+    `datetime.timedelta`, and defaults to **15 minutes**. Can be set to `False` to disable expiration.
 
 `authjwt_refresh_token_expires`
-:   is simply dummy text of the printing and typesetting industry
+:   How long an refresh token should live before it expires. This takes value `integer` *(seconds)* or
+    `datetime.timedelta`, and defaults to **30 days**. Can be set to `False` to disable expiration.

docs/configuration/headers.md

@@ -1,5 +1,8 @@
+These are only applicable if `authjwt_token_location` is use headers.
+
 `authjwt_header_name`
-:   is simply dummy text of the printing and typesetting industry
+:   What header to look for the JWT in a request. Defaults to `Authorization`
 
 `authjwt_header_type`
-:   is simply dummy text of the printing and typesetting industry
+:   What type of header the JWT is in. Defaults to `Bearer`. This can be an empty string,
+    in which case the header contains only the JWT instead like `HeaderName: Bearer <JWT>`

mkdocs.yml

@@ -34,6 +34,6 @@ nav:
   - Configuration Options:
     - General Options: configuration/general.md
     - Headers Options: configuration/headers.md
+    - Denylist Options: configuration/denylist.md
     - Cookies Options: configuration/cookies.md
     - CSRF Options: configuration/csrf.md
-    - Denylist Options: configuration/denylist.md