~netlandish/gobwebs-oauth2

f0f42e2e3a7c1690377072ea8b57c4deaed56f2f — Peter Sanchez 10 months ago 0321b8c
Correcting OAuth2 token expiration time to account for renewal windows
1 files changed, 7 insertions(+), 0 deletions(-)

M routes.go
M routes.go => routes.go +7 -0
@@ 720,6 720,13 @@ func (s *Service) AccessTokenPOST(c echo.Context) error {
		}
	}

	// OAuth 2.0 specifies that the expiration in the response only affects the
	// access token, and clients should use the refresh token after the access
	// token has expired. Return an expiration before the actual one, to give
	// clients a chance to refresh their access token.
	// Ref: https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/47900
	expires = expires.AddDate(0, -1, 0) // Subtract 1 month

	ret := struct {
		Token        string `json:"access_token"`
		Type         string `json:"token_type"`