mod_http_oauth2: Reuse JWT issuance time as substitute for auth time
Makes the token shorter. Since iat and auth_time are generated at about
the same time they would only differ by a few microseconds anyway.
--- a/mod_http_oauth2/mod_http_oauth2.lua Wed Jan 24 13:14:36 2024 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua Wed Jan 24 17:55:26 2024 +0100
@@ -666,7 +666,7 @@
user = {
username = username;
host = module.host;
- token = new_user_token({ username = username; host = module.host; auth_time = os.time(); amr = { "pwd" } });
+ token = new_user_token({ username = username; host = module.host; amr = { "pwd" } });
};
};
elseif form.user_token and form.consent then
@@ -968,7 +968,7 @@
iss = get_issuer();
sub = url.build({ scheme = "xmpp"; path = user_jid });
aud = params.client_id;
- auth_time = auth_state.user.auth_time;
+ auth_time = auth_state.user.iat;
nonce = params.nonce;
amr = auth_state.user.amr;
});
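Review bot: `auth_time = auth_state.user.iat` makes the ID token's authentication time depend on a claim this diff never sets: after the first hunk the table passed to `new_user_token` holds only `username`, `host` and `amr`, so `iat` must be stamped inside `new_user_token`, which is not visible here. If `iat` is ever absent, the field is nil and the `auth_time` claim silently drops out of the ID token. The substitution also holds only while the user token is signed exactly once, at the password check. Any path that re-signs it without re-authentication (the `form.user_token and form.consent` branch is worth checking) would move `auth_time` forward, which matters to a relying party enforcing `max_age`. I would document the coupling on this line, e.g. `-- user token is minted at the password check, so its iat is the authentication time; never re-issue it without re-authenticating`; the enclosing tables and functions start and end outside both hunks.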