mod_http_oauth2/mod_http_oauth2.lua
changeset 5217 dc0f502c12f1
parent 5214 898575a0c6f3
child 5218 d5492bc861f6
--- a/mod_http_oauth2/mod_http_oauth2.lua	Mon Mar 06 15:55:11 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Mon Mar 06 16:49:43 2023 +0100
@@ -90,18 +90,20 @@
 	return usermanager.get_user_role(username, module.host).name;
 end
 
-local function code_expires_in(code)
-	return os.difftime(os.time(), code.issued);
+local function code_expires_in(code) --> number, seconds until code expires
+	return os.difftime(code.expires, os.time());
 end
 
-local function code_expired(code)
-	return code_expires_in(code) > 120;
+local function code_expired(code) --> boolean, true: has expired, false: still valid
+	return code_expires_in(code) < 0;
 end
 
 local codes = cache.new(10000, function (_, code)
 	return code_expired(code)
 end);
 
+-- Periodically clear out unredeemed codes.  Does not need to be exact, expired
+-- codes are rejected if tried. Mostly just to keep memory usage in check.
 module:add_timer(900, function()
 	local k, code = codes:tail();
 	while code and code_expired(code) do
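Review bot: In `code_expired`, a code whose `expires` equals the current second still counts as valid, because `os.difftime` returns 0 and the test is `< 0`. Using `return code_expires_in(code) <= 0;` makes the lifetime an exclusive upper bound, so a code is never accepted at or after its stated expiry. The new comment on the timer says expired codes are rejected when tried, but that redemption path is outside this hunk. It is worth confirming that the token endpoint calls `code_expired` before honouring a code, since the 900-second sweep alone leaves expired entries in the cache for several minutes. The timer callback's body continues past the end of the hunk.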
@@ -176,7 +178,7 @@
 
 	local code = uuid.generate();
 	local ok = codes:set(params.client_id .. "#" .. code, {
-		issued = os.time();
+		expires = os.time() + 600;
 		granted_jid = granted_jid;
 		granted_scopes = granted_scopes;
 	});
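Review bot: The authorization-code lifetime is hard-coded as `os.time() + 600` here, five times the 120 seconds the old check enforced and at the ceiling RFC 6749 recommends for authorization codes. A longer lifetime widens the window in which an intercepted code can be redeemed. The eviction callback in the first hunk appears to refuse eviction of unexpired entries, so the 10000-entry cache can also stay full for longer, during which `codes:set` would return a falsy `ok`. Consider a named, configurable value with a short default, e.g. `local code_lifetime = module:get_option_number("<option_name>", 600);` (option name is a placeholder) and `expires = os.time() + code_lifetime;`. The handling of `ok` lies outside this hunk and should fail the request cleanly rather than issue a code that was never stored.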