From 1fefafdbad6d25d996cb67989f2d412b061ae77c Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski <contact@cpluspatch.com>
Date: Thu, 11 Dec 2025 02:25:40 +0100
Subject: [PATCH] fix(api): :bug: Set default authorization code expiration
 time to 10 minutes

---
 packages/api/routes/oauth/sso/[issuer]/callback.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/api/routes/oauth/sso/[issuer]/callback.ts b/packages/api/routes/oauth/sso/[issuer]/callback.ts
index fe5d1164..83581a67 100644
--- a/packages/api/routes/oauth/sso/[issuer]/callback.ts
+++ b/packages/api/routes/oauth/sso/[issuer]/callback.ts
@@ -278,7 +278,7 @@ export default apiRoute((app) => {
             await db.insert(AuthorizationCodes).values({
                 clientId: flow.client.id,
                 code,
-                expiresAt: new Date(Date.now() + 60 * 1000).toISOString(), // 1 minute
+                expiresAt: new Date(Date.now() + 10 * 60 * 1000).toISOString(), // 10 minutes
                 redirectUri: flow.clientRedirectUri ?? undefined,
                 userId: user.id,
                 scopes: flow.clientScopes ?? [],