-
Notifications
You must be signed in to change notification settings - Fork 384
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: impose expiry on auth code instead of magic link (#1440)
## What kind of change does this PR introduce? Currently, we check for flow state expiry rather than auth code expiry. The auth code is created at the point when `/magiclink` is called and expiry starts from then. However, the auth code should probably start expiring when the link is verified and the auth code is issued. We can eventually extend this to other magic link like flows if need. Note that the Flow State expiry is capped at 24 hours, as that is when the regular cleanup takes place. Considered adding a hard restriction on the maximum validity of `GOTRUE_MAILER_OTP_EXP` but there are a handful of projects which have it >86400. The handful of existing projects (number on internal channel) with a OTP expiry of longer than 24 hours will continue to have the expiry capped at 24 hours when using PKCE. This should be the same as the current behaviour since we aren't changing the cleanup duration. --------- Co-authored-by: joel <[email protected]>
- Loading branch information
Showing
5 changed files
with
24 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
do $$ begin | ||
alter table {{ index .Options "Namespace" }}.flow_state add column if not exists auth_code_issued_at timestamptz null; | ||
end $$ |