
submitted by
Style Pass
2024-11-22 18:00:03


Extended the access token validity period from 20 minutes to 20 hours and fixed a critical bug in refresh token validation logic. The refresh token validity remains unchanged at 2 hours. Also made token validity variables public by capitalizing their names.

The refresh token validation logic has a critical bug. The condition err == nil is incorrect - it should be err != nil. With the current logic, valid refresh tokens will be rejected and invalid ones might be accepted. This completely breaks the token refresh flow.

The access token validity (20 hours) is now longer than the refresh token validity (2 hours). This is an unusual and potentially problematic configuration. Typically, refresh tokens should have a longer validity period than access tokens since their purpose is to obtain new access tokens when they expire. Consider either reducing the access token validity or increasing the refresh token validity.
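The two review comments above, as an added example that is not code from this pull request: the refresh handler rejects a token when validation returns an error (err != nil), and a startup check fails when the access validity is not shorter than the refresh validity. The token format, the demo key and every function name here are assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
	"time"
)

func sign(body string) string {
	m := hmac.New(sha256.New, []byte("constructed-demo-key")) // constructed key, example only
	m.Write([]byte(body))
	return fmt.Sprintf("%x", m.Sum(nil))
}

// Issue builds "mac.kind.expiryUnix", a hypothetical format for this example.
func Issue(kind string, ttl time.Duration, now time.Time) string {
	body := kind + "." + strconv.FormatInt(now.Add(ttl).Unix(), 10)
	return sign(body) + "." + body
}

// Validate returns nil only for an authentic, unexpired token of the wanted kind.
func Validate(tok, kind string, now time.Time) error {
	mac, body, _ := strings.Cut(tok, ".")
	exp, err := strconv.ParseInt(strings.TrimPrefix(body, kind+"."), 10, 64)
	if err != nil || !hmac.Equal([]byte(sign(body)), []byte(mac)) || now.Unix() >= exp {
		return fmt.Errorf("invalid or expired %s token", kind)
	}
	return nil
}

// Refresh rejects when err != nil; testing err == nil here would invert the gate.
func Refresh(tok string, accessTTL time.Duration, now time.Time) (string, error) {
	if err := Validate(tok, "refresh", now); err != nil {
		return "", fmt.Errorf("refresh rejected: %w", err)
	}
	return Issue("access", accessTTL, now), nil
}

// CheckLifetimes fails when the access token would outlive the refresh token.
func CheckLifetimes(access, refresh time.Duration) error {
	if access >= refresh {
		return fmt.Errorf("access validity %v must be shorter than refresh validity %v", access, refresh)
	}
	return nil
}
func main() { fmt.Println(CheckLifetimes(20*time.Hour, 2*time.Hour)) }
```

A table-driven test that feeds Refresh a valid, an expired, a tampered and a wrong-kind token catches an inverted error check before it ships.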
