changeset 5830:b109773ce6fe

mod_http_oauth2: Reuse JWT issuance time as substitute for auth time Makes the token shorter. Since iat and auth_time are generated at about the same time they would only differ by a few microseconds anyway.
author Kim Alvefur <zash@zash.se>
date Wed, 24 Jan 2024 17:55:26 +0100
parents 1e28f32257d6
children 801f64e6d4e9
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Wed Jan 24 13:14:36 2024 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Wed Jan 24 17:55:26 2024 +0100
@@ -666,7 +666,7 @@
 			user = {
 				username = username;
 				host = module.host;
-				token = new_user_token({ username = username; host = module.host; auth_time = os.time(); amr = { "pwd" } });
+				token = new_user_token({ username = username; host = module.host; amr = { "pwd" } });
 			};
 		};
 	elseif form.user_token and form.consent then
@@ -968,7 +968,7 @@
 		iss = get_issuer();
 		sub = url.build({ scheme = "xmpp"; path = user_jid });
 		aud = params.client_id;
-		auth_time = auth_state.user.auth_time;
+		auth_time = auth_state.user.iat;
 		nonce = params.nonce;
 		amr = auth_state.user.amr;
 	});