Prolong available time for logging in to the third party system to 15…

…mins This should make https://ecamp.sentry.io/issues/3531734868/?project=5912620 way rarer.
carlobeltrame · Jun 17, 2024 · bc10e82 · bc10e82
1 parent bd00986
commit bc10e82
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/api/src/OAuth/JWTStateOAuth2Client.php b/api/src/OAuth/JWTStateOAuth2Client.php
@@ -31,7 +31,7 @@
  * longer-living token and with parts of the cookie available to JavaScript.
  */
 class JWTStateOAuth2Client extends OAuth2Client implements OAuth2ClientInterface {
-    public const JWT_TTL = 300; // seconds, i.e. 5 minutes of validity for the JWT token
+    public const JWT_TTL = 900; // seconds, i.e. 15 minutes of validity for the JWT token
 
     public function __construct(
         AbstractProvider $provider,
@@ -101,7 +101,7 @@ public function redirect(array $scopes = [], array $options = []): RedirectRespo
     /**
      * Checks the validity of the temporary JWT cookie, and checks that the state parameter is correct.
      * Any irregularities would indicate someone tampering with the login system (or someone taking longer
-     * than 5 minutes to authenticate with the external service...)
+     * than 15 minutes to authenticate with the external service...)
      * After this custom state parameter check, we delegate to the original implementation to finish the OAuth
      * flow.
      *