refactor!: default code ttl down from 10 minutes down to 1 minute
BREAKING CHANGE: Default Authorization Code duration is now 60 seconds instead of 10 minutes. This can be reverted using the `ttl.AuthorizationCode` configuration option.
panva committed Dec 1, 2022
1 parent cef63b6 commit f770e2d
Showing 2 changed files with 2 additions and 2 deletions.
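--- a/docs/README.md
+++ b/docs/README.md
@@ -2952,7 +2952,7 @@ _**default value**_:
 }
 return 60 * 60; // 1 hour in seconds
 },
-AuthorizationCode: 600 /* 10 minutes in seconds */,
+AuthorizationCode: 60 /* 1 minute in seconds */,
 BackchannelAuthenticationRequest: function BackchannelAuthenticationRequestTTL(ctx, request, client) {
 if (ctx && ctx.oidc && ctx.oidc.params.requested_expiry) {
 return Math.min(10 * 60, +ctx.oidc.params.requested_expiry); // 10 minutes in seconds or requested_expiry, whichever is shorter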
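--- a/lib/helpers/defaults.js
+++ b/lib/helpers/defaults.js
@@ -269,7 +269,7 @@ function AccessTokenTTL(ctx, token, client) {
 }
 
 function AuthorizationCodeTTL(ctx, code, client) {
-return 10 * 60; // 10 minutes in seconds
+return 60; // 1 minute in seconds
 }
 
 function ClientCredentialsTTL(ctx, token, client) {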
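Review bot: The new `return 60;` in AuthorizationCodeTTL carries only a unit comment, with no statement of why the default is this short or how an operator restores the old value. Deployments that relied on the 10-minute default will now have codes expire after one minute, so the rationale belongs next to the number. I would extend the comment to something like `// 1 minute in seconds; kept short to limit the window in which an intercepted code can be redeemed, override via ttl.AuthorizationCode`. It is also worth confirming that the slowest expected client redeems its code well within 60 seconds; an expired code presumably surfaces as a generic failed token request, though the token endpoint is not part of this hunk.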
