mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 21:57:45 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_tokenauth: Only check if expiry of expiring tokens

Browse source 
Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime
explicitly bounded here, but rather be bounded by the lifetime of
something else, like the OAuth2 client.

Open question: Would it be better to enforce a lifetime on all tokens?
This commit is contained in:
Kim Alvefur 2023-04-12 10:21:32 +02:00
parent 2fc0c66f01
commit 816d0819f2
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/mod_tokenauth.lua
View file

@ -186,7 +186,7 @@ local function _get_validated_token_info(token_id, token_user, token_host, token
-- Check expiry
local now = os.time();
if token_info.expires < now then
if token_info.expires and token_info.expires < now then
module:log("debug", "Token has expired, cleaning it up");
grant.tokens[secret_hash] = nil;
token_store:set_key(token_user, token_id, grant);