Skip to content

Commit 7ca898d

Browse files
code-ashercode-asher
committed
Add comments to code timeout
1 parent b45413f commit 7ca898d

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

enterprise/coderd/identityprovider/authorize.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,12 @@ func Authorize(db database.Store, accessURL *url.URL) http.HandlerFunc {
101101
ID: uuid.New(),
102102
CreatedAt: dbtime.Now(),
103103
// TODO: Configurable expiration? Ten minutes matches GitHub.
104+
// This timeout is only for the code that will be exchanged for the
105+
// access token, not the access token itself. It does not need to be
106+
// long-lived because normally it will be exchanged immediately after it
107+
// is received. If the application does wait before exchanging the
108+
// token (for example suppose they ask the user to confirm and the user
109+
// has left) then they can just retry immediately and get a new code.
104110
ExpiresAt: dbtime.Now().Add(time.Duration(10) * time.Minute),
105111
SecretPrefix: []byte(code.Prefix),
106112
HashedSecret: []byte(code.Hashed),

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy