# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1749844658 -7200
# Node ID e1c54de0690564f930836aaff09849d6c78bc48e
# Parent  aae94f82c56e9bc38b2803772dc57255f4bebebc
mod_http_oauth2: Handle case of device state having expired

If for some reason the `code` was nil, it would have thrown an error
attempting to index it.

diff -r aae94f82c56e -r e1c54de06905 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri Jun 13 21:30:56 2025 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Jun 13 21:57:38 2025 +0200
@@ -796,9 +796,11 @@
 		if is_device then
 			local device_code = b64url(hashes.hmac_sha256(verification_key, device_state.user_code));
 			local code = codes:get("device_code:" .. params.client_id .. "#" .. device_code);
-			code.error = err;
-			code.expires = os.time() + 60;
-			codes:set("device_code:" .. params.client_id .. "#" .. device_code, code);
+			if type(code) == "table" then
+				code.error = err;
+				code.expires = os.time() + 60;
+				codes:set("device_code:" .. params.client_id .. "#" .. device_code, code);
+			end
 		end
 		return render_error(err);
 	end