Monorepo for Tangled — https://tangled.org

appview/oauth: invalidate sessions if inactive for too long #722

merged
opened by oppi.li targeting master from push-rnnvqlrqspsv

if sessions are inactive for too long, tokens will not be refreshed, and calling authorized xrpc methods will error out with invalid_grant. this changeset does two things:

  • tracks the last time a session was active using a new redis pair: oauth:session_meta:<did>:<session>, this is updated every time SaveSession is called
  • checks for session inactivity every time GetSession is called, and deletes the session if so

this way, GetSession will never return a session with expired tokens.

Signed-off-by: oppiliappan me@oppi.li
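
The mechanism described in this pull request, sketched as an added example (not code from the Tangled repository). An in-memory map stands in for Redis; the `oauth:session:` key prefix, the 14-day `inactivityLimit`, the choice to treat a session with no recorded activity as expired, and the sample DID are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Assumed threshold; the PR description does not state the real value.
const inactivityLimit = 14 * 24 * time.Hour

var ErrInactive = errors.New("session inactive for too long")

// Store is an in-memory stand-in for Redis (not safe for concurrent use).
type Store struct {
	data map[string]string    // oauth:session:<did>:<session> (assumed key name)
	meta map[string]time.Time // oauth:session_meta:<did>:<session> (from the PR)
	now  func() time.Time     // injectable clock so a test can advance time
}

func NewStore(now func() time.Time) *Store {
	return &Store{data: map[string]string{}, meta: map[string]time.Time{}, now: now}
}

// SaveSession stores the tokens and refreshes the last-active timestamp.
func (s *Store) SaveSession(did, id, tokens string) {
	s.data["oauth:session:"+did+":"+id] = tokens
	s.meta["oauth:session_meta:"+did+":"+id] = s.now()
}

// GetSession deletes and rejects a session whose last activity is older than
// the limit (or unrecorded, an assumption), so stale tokens are never returned.
func (s *Store) GetSession(did, id string) (string, error) {
	dk, mk := "oauth:session:"+did+":"+id, "oauth:session_meta:"+did+":"+id
	last, ok := s.meta[mk]
	if !ok || s.now().Sub(last) > inactivityLimit {
		delete(s.data, dk)
		delete(s.meta, mk)
		return "", ErrInactive
	}
	return s.data[dk], nil
}

func main() {
	clock := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample time
	s := NewStore(func() time.Time { return clock })
	s.SaveSession("did:plc:example", "sess1", "tokens")
	clock = clock.Add(inactivityLimit + time.Hour)
	fmt.Println(s.GetSession("did:plc:example", "sess1"))
}
```

In this sketch only `SaveSession` moves the timestamp forward, matching the description above; a read through `GetSession` does not extend the session's life.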

AT URI
at://did:plc:qfpnj4og54vl56wngdriaxug/sh.tangled.repo.pull/3m4d7ua7qyj22