Diff

mod_http_oauth2/mod_http_oauth2.lua @ 5202:b81fd0d22c66

mod_http_oauth2: Calculate client secret expiry in registration response Not actually the client_secret that expires, but the client_id JWT. Returning '0' indicating no expiry was incorrect unless JWT expiry is turned off, which we check for now.
author Kim Alvefur <zash@zash.se>
date Sat, 04 Mar 2023 17:06:47 +0100
parent 5201:47576c73eedf
child 5203:c60cff787d6a
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 04 13:23:26 2023 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 04 17:06:47 2023 +0100
@@ -423,6 +423,9 @@
 		client_id_issued_at = os.time();
 		client_secret_expires_at = 0;
 	}
+	if not registration_options.accept_expired then
+		client_desc.client_secret_expires_at = client_desc.client_id_issued_at + (registration_options.default_ttl or 3600);
+	end
 
 	return {
 		status_code = 201;