Software /
code /
prosody-modules
Diff
mod_http_oauth2/mod_http_oauth2.lua @ 4270:243f7b0dbf35
mod_http_oauth2: Reduce authorization code validity time to 2 minutes
RFC 6749 states
> A maximum authorization code lifetime of 10 minutes is RECOMMENDED.
So 15 minutes was way too long. I was thinking 5 minutes at first but
since this should generally be instant, I settled on 2 minutes as a
large guesstimate on how slow it might be on slow links.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 22 Nov 2020 18:46:25 +0100 |
parent | 4269:143515d0b212 |
child | 4271:9623b99bb8d2 |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Sun Nov 22 18:39:55 2020 +0100 +++ b/mod_http_oauth2/mod_http_oauth2.lua Sun Nov 22 18:46:25 2020 +0100 @@ -15,7 +15,7 @@ local codes = module:open_store("oauth2_codes", "map"); local function code_expired(code) - return os.difftime(os.time(), code.issued) > 900; + return os.difftime(os.time(), code.issued) > 120; end local function oauth_error(err_name, err_desc)