increase expiry time of auth_requests to 15 minutes

2026-02-04 13:37:11 +00:00 · 2026-01-20 12:17:55 +01:00 · 2026-01-20 12:17:55 +01:00 · e477a21d02
commit e477a21d02
parent 258336bb4b
1 changed files with 3 additions and 1 deletions
--- a/src/db/models/auth_request.rs
+++ b/src/db/models/auth_request.rs
@ -177,7 +177,9 @@ impl AuthRequest {
    }

    pub async fn purge_expired_auth_requests(conn: &DbConn) {
-        let expiry_time = Utc::now().naive_utc() - chrono::TimeDelta::try_minutes(5).unwrap(); //after 5 minutes, clients reject the request
+        // delete auth requests older than 15 minutes which is functionally equivalent to upstream:
+        // https://github.com/bitwarden/server/blob/f8ee2270409f7a13125cd414c450740af605a175/src/Sql/dbo/Auth/Stored%20Procedures/AuthRequest_DeleteIfExpired.sql
+        let expiry_time = Utc::now().naive_utc() - chrono::TimeDelta::try_minutes(15).unwrap();
        for auth_request in Self::find_created_before(&expiry_time, conn).await {
            auth_request.delete(conn).await.ok();
        }