From aba0df7cf70197c8dcf13fd3b82f78eee2730317 Mon Sep 17 00:00:00 2001 From: David Taylor Date: Wed, 20 Mar 2024 14:02:12 +0000 Subject: [PATCH] FEATURE: Increase default DiscourseConnect session length (#26261) For some identity providers, 10 minutes isn't much time for a user to complete authentication/registration on the identity provider. Increasing the default to 30 minutes should help in those situations. The nonce is still tied to a single browser session, so there is no material impact on security. --- lib/discourse_connect_base.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/discourse_connect_base.rb b/lib/discourse_connect_base.rb index 6797d5dc35b..1e91ecd6523 100644 --- a/lib/discourse_connect_base.rb +++ b/lib/discourse_connect_base.rb @@ -59,7 +59,7 @@ class DiscourseConnectBase ] def self.nonce_expiry_time - @nonce_expiry_time ||= 10.minutes + @nonce_expiry_time ||= 30.minutes end def self.nonce_expiry_time=(v)