# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1706115326 -3600
# Node ID b109773ce6fe304d656254dc4d63d76e0bfa721b
# Parent  1e28f32257d696e1d12482c387db9a5718aa3456
mod_http_oauth2: Reuse JWT issuance time as substitute for auth time

Makes the token shorter. Since iat and auth_time are generated at about
the same time they would only differ by a few microseconds anyway.

diff -r 1e28f32257d6 -r b109773ce6fe mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Wed Jan 24 13:14:36 2024 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Wed Jan 24 17:55:26 2024 +0100
@@ -666,7 +666,7 @@
 			user = {
 				username = username;
 				host = module.host;
-				token = new_user_token({ username = username; host = module.host; auth_time = os.time(); amr = { "pwd" } });
+				token = new_user_token({ username = username; host = module.host; amr = { "pwd" } });
 			};
 		};
 	elseif form.user_token and form.consent then
@@ -968,7 +968,7 @@
 		iss = get_issuer();
 		sub = url.build({ scheme = "xmpp"; path = user_jid });
 		aud = params.client_id;
-		auth_time = auth_state.user.auth_time;
+		auth_time = auth_state.user.iat;
 		nonce = params.nonce;
 		amr = auth_state.user.amr;
 	});