FEATURE: Increase default DiscourseConnect session length (discourse#…

…26261) For some identity providers, 10 minutes isn't much time for a user to complete authentication/registration on the identity provider. Increasing the default to 30 minutes should help in those situations. The nonce is still tied to a single browser session, so there is no material impact on security.
RickyC0626-forks · Mar 20, 2024 · aba0df7 · aba0df7
1 parent 16b377b
commit aba0df7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/discourse_connect_base.rb b/lib/discourse_connect_base.rb
@@ -59,7 +59,7 @@ class SignatureError < ParseError
   ]
 
   def self.nonce_expiry_time
-    @nonce_expiry_time ||= 10.minutes
+    @nonce_expiry_time ||= 30.minutes
   end
 
   def self.nonce_expiry_time=(v)