IndieAuth #25
4
user.go
4
user.go
|
@ -343,10 +343,14 @@ func (user User) VerifyAuthCode(
|
||||||
hash := sha256.Sum256([]byte(code_verifier))
|
hash := sha256.Sum256([]byte(code_verifier))
|
||||||
return c.CodeChallenge == base64.RawURLEncoding.EncodeToString(hash[:]), c
|
return c.CodeChallenge == base64.RawURLEncoding.EncodeToString(hash[:]), c
|
||||||
} else if c.CodeChallengeMethod == "" {
|
} else if c.CodeChallengeMethod == "" {
|
||||||
|
// Check age of code
|
||||||
|
// A maximum lifetime of 10 minutes is recommended ( https://indieauth.spec.indieweb.org/#authorization-response)
|
||||||
|
if time.Since(c.Created) < 10*time.Minute {
|
||||||
return true, c
|
return true, c
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
return false, AuthCode{}
|
return false, AuthCode{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue