1 files changed, 7 insertions(+), 0 deletions(-)

M routes.go

@@ 720,6 720,13 @@ func (s *Service) AccessTokenPOST(c echo.Context) error {
 		}
 	}
 
+	// OAuth 2.0 specifies that the expiration in the response only affects the
+	// access token, and clients should use the refresh token after the access
+	// token has expired. Return an expiration before the actual one, to give
+	// clients a chance to refresh their access token.
+	// Ref: https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/47900
+	expires = expires.AddDate(0, -1, 0) // Subtract 1 month
+
 	ret := struct {
 		Token        string `json:"access_token"`
 		Type         string `json:"token_type"`