Mercurial > prosody-modules
view mod_compact_resource/mod_compact_resource.lua @ 4270:243f7b0dbf35
mod_http_oauth2: Reduce authorization code validity time to 2 minutes
RFC 6749 states
> A maximum authorization code lifetime of 10 minutes is RECOMMENDED.
So 15 minutes was way too long. I was thinking 5 minutes at first but
since this should generally be instant, I settled on 2 minutes as a
large guesstimate on how slow it might be on slow links.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 22 Nov 2020 18:46:25 +0100 |
parents | 6f34e51a23f0 |
children |
line wrap: on
line source
local base64_encode = require"util.encodings".base64.encode; local random_bytes = require"util.random".bytes; local b64url = { ["+"] = "-", ["/"] = "_", ["="] = "" }; local function random_resource() return base64_encode(random_bytes(8)):gsub("[+/=]", b64url); end module:hook("pre-resource-bind", function (event) event.resource = random_resource(); end);