Mercurial Mercurial > prosody > prosody-modules / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2/mod_http_oauth2.lua
changeset 5554 4fda06be6b08
parent 5553 01a0b67a9afd
child 5557 67152838afbc 
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri Jun 16 00:06:53 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Jun 16 00:10:46 2023 +0200
@@ -463,6 +463,7 @@
 	if err then error(err); end
 	-- MUST NOT use the authorization code more than once, so remove it to
 	-- prevent a second attempted use
+	-- TODO if a second attempt *is* made, revoke any tokens issued
 	codes:set(params.client_id .. "#" .. params.code, nil);
 	if not code or type(code) ~= "table" or code_expired(code) then
 		module:log("debug", "authorization_code invalid or expired: %q", code);
prosody-modules