comparison mod_http_oauth2/mod_http_oauth2.lua @ 4270:243f7b0dbf35

mod_http_oauth2: Reduce authorization code validity time to 2 minutes

RFC 6749 states

> A maximum authorization code lifetime of 10 minutes is RECOMMENDED.

So 15 minutes was way too long. I was thinking 5 minutes at first but since this should generally be instant, I settled on 2 minutes as a large guesstimate on how slow it might be on slow links.
author Kim Alvefur <zash@zash.se>
date Sun, 22 Nov 2020 18:46:25 +0100
parents 143515d0b212
children 9623b99bb8d2
comparison
4269:143515d0b212 4270:243f7b0dbf35
13 13
14 local clients = module:open_store("oauth2_clients", "map"); 14 local clients = module:open_store("oauth2_clients", "map");
15 local codes = module:open_store("oauth2_codes", "map"); 15 local codes = module:open_store("oauth2_codes", "map");
16 16
17 local function code_expired(code) 17 local function code_expired(code)
18 return os.difftime(os.time(), code.issued) > 900; 18 return os.difftime(os.time(), code.issued) > 120;
19 end 19 end
20 20
21 local function oauth_error(err_name, err_desc) 21 local function oauth_error(err_name, err_desc)
22 return errors.new({ 22 return errors.new({
23 type = "modify"; 23 type = "modify";
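Review bot: The new lifetime on line 18 of code_expired is a bare literal (`> 120`), so the reasoning behind it lives only in the commit message. Consider naming it, for example a local constant with a comment citing the RFC 6749 recommendation of at most 10 minutes, or reading it from a module option with 120 as the default so that deployments on slow links can adjust it without patching the module. Separately, the check compares os.time() against code.issued, both wall-clock values, so a backward clock step on the server would stretch the window beyond 2 minutes; with a window this short that is worth a brief comment even if it is accepted as-is.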