Mercurial > prosody-modules
changeset 5830:b109773ce6fe
mod_http_oauth2: Reuse JWT issuance time as substitute for auth time
Makes the token shorter. Since iat and auth_time are generated at about
the same time they would only differ by a few microseconds anyway.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 24 Jan 2024 17:55:26 +0100 |
parents | 1e28f32257d6 |
children | 801f64e6d4e9 |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Wed Jan 24 13:14:36 2024 +0000 +++ b/mod_http_oauth2/mod_http_oauth2.lua Wed Jan 24 17:55:26 2024 +0100 @@ -666,7 +666,7 @@ user = { username = username; host = module.host; - token = new_user_token({ username = username; host = module.host; auth_time = os.time(); amr = { "pwd" } }); + token = new_user_token({ username = username; host = module.host; amr = { "pwd" } }); }; }; elseif form.user_token and form.consent then @@ -968,7 +968,7 @@ iss = get_issuer(); sub = url.build({ scheme = "xmpp"; path = user_jid }); aud = params.client_id; - auth_time = auth_state.user.auth_time; + auth_time = auth_state.user.iat; nonce = params.nonce; amr = auth_state.user.amr; });