Mercurial > prosody-modules

comparison mod_http_oauth2/mod_http_oauth2.lua @ 5617:d8622797e315

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Shorten default token validity periods With refresh tokens, short lifetime for access tokens is not a problem. The arbitrary choice of one hour seems reasonable. RFC 6749 has it as example value. One week for refresh tokens matching the default archive retention period. This means that a client that remains unused for one week will have to sign in again. An actively used client will continually push that forward with each used refresh token.
author Kim Alvefur <zash@zash.se>
date Mon, 24 Jul 2023 01:30:14 +0200
parents 59d5fc50f602
children 869c01d91aea
comparison
equal deleted inserted replaced
5616:59d5fc50f602 5617:d8622797e315
99 99
100 local authorization_server_metadata = nil; 100 local authorization_server_metadata = nil;
101 101
102 local tokens = module:depends("tokenauth"); 102 local tokens = module:depends("tokenauth");
103 103
104 local default_access_ttl = module:get_option_number("oauth2_access_token_ttl", 86400); 104 local default_access_ttl = module:get_option_number("oauth2_access_token_ttl", 3600);
105 local default_refresh_ttl = module:get_option_number("oauth2_refresh_token_ttl", nil); 105 local default_refresh_ttl = module:get_option_period("oauth2_refresh_token_ttl", 604800);
106 106
107 -- Used to derive client_secret from client_id, set to enable stateless dynamic registration. 107 -- Used to derive client_secret from client_id, set to enable stateless dynamic registration.
108 local registration_key = module:get_option_string("oauth2_registration_key"); 108 local registration_key = module:get_option_string("oauth2_registration_key");
109 local registration_algo = module:get_option_string("oauth2_registration_algorithm", "HS256"); 109 local registration_algo = module:get_option_string("oauth2_registration_algorithm", "HS256");
110 local registration_ttl = module:get_option("oauth2_registration_ttl", nil); 110 local registration_ttl = module:get_option("oauth2_registration_ttl", nil);