# HG changeset patch
# User Kim Alvefur
# Date 1677946007 -3600
# Node ID b81fd0d22c66b9c7f2808f2234468f29c4acbe0f
# Parent 47576c73eedf3c0ec92300d5f48100b5330efaa6
mod_http_oauth2: Calculate client secret expiry in registration response Not actually the client_secret that expires, but the client_id JWT. Returning '0' indicating no expiry was incorrect unless JWT expiry is turned off, which we check for now.
diff -r 47576c73eedf -r b81fd0d22c66 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Sat Mar 04 13:23:26 2023 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua Sat Mar 04 17:06:47 2023 +0100
@@ -423,6 +423,9 @@
 client_id_issued_at = os.time();
 client_secret_expires_at = 0;
 }
+ if not registration_options.accept_expired then
+ client_desc.client_secret_expires_at = client_desc.client_id_issued_at + (registration_options.default_ttl or 3600);
+ end
 return {
 status_code = 201;
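Review bot: The added `client_secret_expires_at` calculation restates the token lifetime with its own `3600` fallback and its own `os.time()` reading, instead of taking the expiry from the client_id JWT it is meant to describe. The enclosing function and the signing of client_id lie outside this hunk, so whether the signer uses the same `registration_options.default_ttl` and the same default cannot be confirmed from here. If the two ever differ, a client can be told a later expiry than the server enforces and have its credentials rejected before it knows to re-register. Consider deriving the value from the `exp` claim that was actually signed, or at least defining the fallback once and sharing it with the signer. A comment above the `if` would also help, e.g. `-- expiry of the client_id JWT; stays 0 only when expired JWTs are accepted`.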