Commit92db437

committed

Add comments to code timeout

1 parent70ddc87 commit92db437Copy full SHA for 92db437

File tree

-0

lines changed

-0

lines changed

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,12 @@ func Authorize(db database.Store, accessURL *url.URL) http.HandlerFunc {`
`101`	`101`	`ID:uuid.New(),`
`102`	`102`	`CreatedAt:dbtime.Now(),`
`103`	`103`	`// TODO: Configurable expiration? Ten minutes matches GitHub.`
	`104`	`+// This timeout is only for the code that will be exchanged for the`
	`105`	`+// access token, not the access token itself. It does not need to be`
	`106`	`+// long-lived because normally it will be exchanged immediately after it`
	`107`	`+// is received. If the application does wait before exchanging the`
	`108`	`+// token (for example suppose they ask the user to confirm and the user`
	`109`	`+// has left) then they can just retry immediately and get a new code.`
`104`	`110`	`ExpiresAt:dbtime.Now().Add(time.Duration(10)*time.Minute),`
`105`	`111`	`SecretPrefix: []byte(code.Prefix),`
`106`	`112`	`HashedSecret: []byte(code.Hashed),`

Comments

(0)