prosody
9e5802b45b9e
plugins/mod_tokenauth.lua
Software / code / prosody
Comparison
plugins/mod_tokenauth.lua @ 13073:9e5802b45b9e
mod_tokenauth: Only check if expiry of expiring tokens
Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime
explicitly bounded here, but rather be bounded by the lifetime of
something else, like the OAuth2 client.
Open question: Would it be better to enforce a lifetime on all tokens?
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 12 Apr 2023 10:21:32 +0200 |
| parent | 13024:7558fd152459 |
| child | 13074:794a5ad5495e |
comparison
equal
deleted
inserted
replaced
| 13072:7fcf41b541e0 | 13073:9e5802b45b9e |
|---|---|
| 184 return nil, "not-authorized"; | 184 return nil, "not-authorized"; |
| 185 end | 185 end |
| 186 | 186 |
| 187 -- Check expiry | 187 -- Check expiry |
| 188 local now = os.time(); | 188 local now = os.time(); |
| 189 if token_info.expires < now then | 189 if token_info.expires and token_info.expires < now then |
| 190 module:log("debug", "Token has expired, cleaning it up"); | 190 module:log("debug", "Token has expired, cleaning it up"); |
| 191 grant.tokens[secret_hash] = nil; | 191 grant.tokens[secret_hash] = nil; |
| 192 token_store:set_key(token_user, token_id, grant); | 192 token_store:set_key(token_user, token_id, grant); |
| 193 return nil, "not-authorized"; | 193 return nil, "not-authorized"; |
| 194 end | 194 end |
