Mercurial > prosody-modules
view mod_invites_groups/mod_invites_groups.lua @ 5617:d8622797e315
mod_http_oauth2: Shorten default token validity periods
With refresh tokens, short lifetime for access tokens is not a problem.
The arbitrary choice of one hour seems reasonable. RFC 6749 has it as
example value.
One week for refresh tokens matching the default archive retention
period. This means that a client that remains unused for one week will
have to sign in again. An actively used client will continually push
that forward with each used refresh token.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 24 Jul 2023 01:30:14 +0200 |
| parents | 869df5a6b0c5 |
| children |
line wrap: on
line source
local mod_groups = module:depends("groups_internal"); module:hook("user-registered", function(event) local validated_invite = event.validated_invite or (event.session and event.session.validated_invite); if not validated_invite then -- not registered via invite, nothing to do return end local groups = validated_invite and validated_invite.additional_data and validated_invite.additional_data.groups; if not groups then -- invite has no groups, nothing to do return end local new_username = event.username; module:log("debug", "adding %s to groups from invite", new_username); for _, group in ipairs(groups) do mod_groups.add_member(group, new_username); end end);