mod_http_oauth2: Shorten default token validity periods With refresh tokens, short lifetime for access tokens is not a problem. The arbitrary choice of one hour seems reasonable. RFC 6749 has it as example value. One week for refresh tokens matching the default archive retention period. This means that a client that remains unused for one week will have to sign in again. An actively used client will continually push that forward with each used refresh token.

This module logs events where more than a certain amount of CPU time was
spent.

``` lua
log_cpu_threshold = 0.01 -- in seconds, so this is 10 milliseconds
```

Uses the Lua
[`os.clock()`](http://www.lua.org/manual/5.2/manual.html#pdf-os.clock)
function to estimate CPU usage.