Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion auth/api/iam/openid4vci.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ import (
"github.com/nuts-foundation/nuts-node/core"
"github.com/nuts-foundation/nuts-node/crypto"
nutsHttp "github.com/nuts-foundation/nuts-node/http"
"github.com/nuts-foundation/nuts-node/storage"
"github.com/nuts-foundation/nuts-node/vdr/resolver"
)

Expand Down Expand Up @@ -119,7 +120,7 @@ func (r Wrapper) RequestOpenid4VCICredentialIssuance(ctx context.Context, reques
IssuerCredentialConfigurationID: credentialConfigID,
IssuerCredentialIssuer: credentialIssuerMetadata.CredentialIssuer,
CredentialRequestParams: credentialRequestParams,
})
}, storage.WithTTL(oauthFrontendFlowTimeout))
if err != nil {
return nil, fmt.Errorf("failed to store session: %w", err)
}
Expand Down
9 changes: 8 additions & 1 deletion auth/api/iam/user.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,14 @@ import (
const (
// oAuthFlowTimeout is the timeout for the oauth flow.
// The maximum time between the initial authorize request and the final token request.
// Used for back-end (service-to-service) flows, which complete quickly without user interaction.
// This is too short for interactive flows; use oauthFrontendFlowTimeout for those.
oAuthFlowTimeout = time.Minute
// oauthFrontendFlowTimeout is the timeout for interactive OAuth authorization-code flows that
// involve a user logging in at an external Authorization Server (e.g. OpenID4VCI auth-code,
// OpenID4VP user login). The TTL has to cover the entire interactive round-trip: redirect to the
// external IdP, the user authenticating (password, MFA, consent) and the redirect back to the callback.
oauthFrontendFlowTimeout = 5 * time.Minute
// userRedirectTimeout is the timeout for the user redirect session.
// This is the maximum time between the creation of the redirect for the user and the actual GET request to the user/wallet page.
userRedirectTimeout = time.Second * 5
Expand Down Expand Up @@ -118,7 +125,7 @@ func (r Wrapper) handleUserLanding(echoCtx echo.Context) error {
TokenEndpoint: metadata.TokenEndpoint,
}
// store user session in session store under sessionID and clientState
err = r.oauthClientStateStore().Put(oauthSession.ClientState, oauthSession)
err = r.oauthClientStateStore().Put(oauthSession.ClientState, oauthSession, storage.WithTTL(oauthFrontendFlowTimeout))
if err != nil {
return err
}
Expand Down
Loading