Commit 58ed300

mo <mo.khan@gmail.com>
2018-09-05 15:06:24
expire authorization grant in 10 minutes.
```text
code
  REQUIRED. The authorization code generated by the authorization server. The authorization code MUST expire shortly after it is issued to mitigate the risk of leaks. A maximum authorization code lifetime of 10 minutes is RECOMMENDED. The client MUST NOT use the authorization code
```
RFC 6749
1 parent 73c3de1
app/models/authorization.rb
@@ -4,4 +4,8 @@ class Authorization < ApplicationRecord
   has_secure_token :code
   belongs_to :user
   belongs_to :client
+
+  after_initialize do
+    self.expired_at = 10.minutes.from_now unless expired_at.present?
+  end
 end
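Review bot: The after_initialize block only stamps expired_at; nothing in this hunk compares it with the current time, so an authorization older than 10 minutes still looks valid to the model. Add a predicate such as `def expired?; expired_at <= Time.current; end` (or a scope for unexpired records) and have the code-for-token exchange reject expired records. Separately, after_initialize also runs for records loaded from the database, and reading expired_at on a record loaded with a select that omits the column raises ActiveModel::MissingAttributeError; setting the value only for new records (for example `if new_record?`) avoids that.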
db/migrate/20180905020708_create_authorizations.rb
@@ -6,6 +6,7 @@ class CreateAuthorizations < ActiveRecord::Migration[5.2]
       t.references :user, foreign_key: true
       t.references :client, foreign_key: true
       t.string :code, null: false, index: true
+      t.datetime :expired_at, null: false
 
       t.timestamps
     end
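Review bot: The expired_at column is added by editing the existing create_authorizations migration (20180905020708) instead of adding a new migration, so a database that has already run this version will not get the column from db:migrate. Prefer a separate add_column migration; because the column is `null: false`, that migration would also need a default or a backfill for rows that already exist.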
db/schema.rb
@@ -16,6 +16,7 @@ ActiveRecord::Schema.define(version: 2018_09_05_020708) do
     t.integer "user_id"
     t.integer "client_id"
     t.string "code", null: false
+    t.datetime "expired_at", null: false
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.index ["client_id"], name: "index_authorizations_on_client_id"
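Review bot: The column name "expired_at" on the added line reads as a past event, while the model sets it to a future deadline (10.minutes.from_now). Naming it expires_at would make comparisons against the current time read correctly at the call sites, and the rename is cheapest now, while the column is being introduced.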