refactor!: default code ttl down from 10 minutes down to 1 minute

BREAKING CHANGE: Default Authorization Code duration is now 60 seconds instead of 10 minutes. This can be reverted using the `ttl.AuthorizationCode` configuration option.
panva · Dec 1, 2022 · f770e2d · f770e2d
1 parent cef63b6
commit f770e2d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -2952,7 +2952,7 @@ _**default value**_:
     }
     return 60 * 60; // 1 hour in seconds
   },
-  AuthorizationCode: 600 /* 10 minutes in seconds */,
+  AuthorizationCode: 60 /* 1 minute in seconds */,
   BackchannelAuthenticationRequest: function BackchannelAuthenticationRequestTTL(ctx, request, client) {
     if (ctx && ctx.oidc && ctx.oidc.params.requested_expiry) {
       return Math.min(10 * 60, +ctx.oidc.params.requested_expiry); // 10 minutes in seconds or requested_expiry, whichever is shorter

diff --git a/lib/helpers/defaults.js b/lib/helpers/defaults.js
@@ -269,7 +269,7 @@ function AccessTokenTTL(ctx, token, client) {
 }
 
 function AuthorizationCodeTTL(ctx, code, client) {
-  return 10 * 60; // 10 minutes in seconds
+  return 60; // 1 minute in seconds
 }
 
 function ClientCredentialsTTL(ctx, token, client) {