Make OAuth2 authorization code expire #40766
Conversation
@@ -44,12 +48,18 @@ | |||
protected $hashedCode; | |||
/** @var string */ | |||
protected $encryptedToken; | |||
/** @var int */ | |||
protected $codeCreatedAt; |
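Review bot: `$codeCreatedAt` is declared `/** @var int */` but nothing in this hunk initialises it, which is what Psalm's PropertyNotSetInConstructor notice is about. Since the migration gives `code_created_at` a default of 0, initialising the property to 0 where it is declared (`protected $codeCreatedAt = 0;`) or widening the docblock to `int|null` would make the "no timestamp yet" state explicit and keep the scan clean.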
Check notice: Code scanning / Psalm: PropertyNotSetInConstructor (Note)
/** @var int */ | ||
protected $codeCreatedAt; | ||
/** @var int */ | ||
protected $tokenCount; |
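Review bot: same notice for `$tokenCount`, and here it matters for correctness rather than just for the scanner: the PR description treats "no token delivered" as the signal that a row still holds an authorization code, so an unset property that is read before the row is loaded would be `null` rather than 0. Initialising it to 0 at the declaration (`protected $tokenCount = 0;`) matches the column default and removes the ambiguity.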
Check notice: Code scanning / Psalm: PropertyNotSetInConstructor (Note)
if (!$table->hasColumn('code_created_at')) { | ||
$table->addColumn('code_created_at', Types::BIGINT, [ | ||
'notnull' => true, | ||
'default' => 0, |
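Review bot: with `'notnull' => true` and `'default' => 0`, every row that exists before this migration runs gets `code_created_at = 0`, so any not-yet-redeemed authorization code issued before the upgrade will be treated as older than ten minutes and refused. That is the safe direction (fail closed), but it is a behavioural change worth stating in the migration or release notes so that failed code exchanges right after an upgrade are not mistaken for a bug. The column type should also be checked against what `codeCreatedAt` is compared with at runtime (seconds since epoch from `time()`), since BIGINT leaves room for either seconds or milliseconds and a mismatch would silently break the expiry check.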
'default' => 0, | |
'unsigned' => true, |
Default 0 is automatic; unsigned will allow more numbers.
Why not explicitly set the default to 0? I didn't know about it, maybe others don't know either.
Also fine 👍🏼
OpenAPI command also needs to be executed
API changes LGTM
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
…have expired Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
… (active token) Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
…t in authorization state Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
OAuth authorization codes now expire 10 minutes after being created.

To know if a row in `oauth2_access_tokens` is an authorization code or an access token, we keep track of the number of delivered access tokens. If no token was delivered, it means the row still contains an authorization code (in the `encrypted_token` column).

`authorization_code` grant type). This is no longer possible
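How the row state described above can be checked, as an added illustration that is not Nextcloud's code: the 10-minute lifetime, the `code_created_at` default of 0 and the delivered-token count come from this PR, while the class name, the `redeem()` method and the use of `password_hash()`/`password_verify()` for `hashedCode` are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example, not Nextcloud's code. Models one oauth2_access_tokens row with the
// fields this PR relies on; hashing the code with password_hash() is an assumption.
final class OAuth2CodeRow {
    public const CODE_LIFETIME = 600; // seconds: "expire 10 minutes after being created"

    public function __construct(
        public string $hashedCode,   // hash of the authorization code
        public int $codeCreatedAt,   // code_created_at, unix seconds; migrated rows default to 0
        public int $tokenCount,      // number of access tokens already delivered for this row
    ) {}

    /** The row still holds an unredeemed authorization code while no token was delivered. */
    public function isAuthorizationCode(): bool {
        return $this->tokenCount === 0;
    }

    /** A default of 0 is far older than ten minutes, so pre-migration rows read as expired. */
    public function isCodeExpired(int $now): bool {
        return ($now - $this->codeCreatedAt) > self::CODE_LIFETIME;
    }

    /** Exchange a presented code: refuse redeemed, expired or non-matching codes. */
    public function redeem(string $presentedCode, int $now): bool {
        if (!$this->isAuthorizationCode() || $this->isCodeExpired($now)) {
            return false;
        }
        if (!password_verify($presentedCode, $this->hashedCode)) {
            return false;
        }
        $this->tokenCount++; // the row now represents an active access token
        return true;
    }
}

// Constructed sample rows exercising each failure mode the PR introduces.
$now = time();
$hash = password_hash('sample-code', PASSWORD_DEFAULT);

$fresh = new OAuth2CodeRow($hash, $now - 60, 0);
var_dump($fresh->redeem('sample-code', $now));   // first exchange of a one-minute-old code
var_dump($fresh->redeem('sample-code', $now));   // second exchange of the same code

$stale = new OAuth2CodeRow($hash, $now - 601, 0);
var_dump($stale->redeem('sample-code', $now));   // code older than ten minutes

$migrated = new OAuth2CodeRow($hash, 0, 0);
var_dump($migrated->redeem('sample-code', $now)); // pre-migration row with the column default
```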