10000 Add comments to code timeout · coder/coder@7ca898d · GitHub
[go: up one dir, main page]

Skip to content

Commit 7ca898d

Browse files
committed
Add comments to code timeout
1 parent b45413f commit 7ca898d

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

enterprise/coderd/identityprovider/authorize.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,12 @@ func Authorize(db database.Store, accessURL *url.URL) http.HandlerFunc {
101101
ID: uuid.New(),
102102
CreatedAt: dbtime.Now(),
103103
// TODO: Configurable expiration? Ten minutes matches GitHub.
104+
// This timeout is only for the code that will be exchanged for the
105+
// access token, not the access token itself. It does not need to be
106+
// long-lived because normally it will be exchanged immediately after it
107+
// is received. If the application does wait before exchanging the
108+
// token (for example suppose they ask the user to confirm and the user
109+
// has left) then they can just retry immediately and get a new code.
104110
ExpiresAt: dbtime.Now().Add(time.Duration(10) * time.Minute),
105111
SecretPrefix: []byte(code.Prefix),
106112
HashedSecret: []byte(code.Hashed),

0 commit comments

Comments
 (0)
0