IndieAuth #25

Merged
h4kor merged 19 commits from auth into master 2022-11-07 19:38:21 +00:00
1 changed files with 5 additions and 1 deletions
Showing only changes of commit fc4f5a1623 - Show all commits

View File

@ -343,10 +343,14 @@ func (user User) VerifyAuthCode(
hash := sha256.Sum256([]byte(code_verifier)) hash := sha256.Sum256([]byte(code_verifier))
return c.CodeChallenge == base64.RawURLEncoding.EncodeToString(hash[:]), c return c.CodeChallenge == base64.RawURLEncoding.EncodeToString(hash[:]), c
} else if c.CodeChallengeMethod == "" { } else if c.CodeChallengeMethod == "" {
// Check age of code
// A maximum lifetime of 10 minutes is recommended ( https://indieauth.spec.indieweb.org/#authorization-response)
if time.Since(c.Created) < 10*time.Minute {
return true, c return true, c
} }
} }
} }
}
return false, AuthCode{} return false, AuthCode{}
} }