[Users] expired OAuth2 token treated as still fresh, will not update
David Fletcher
David at megapico.co.uk
Mon Nov 7 21:49:40 UTC 2022
>The old token expiry still had 1200 seconds left, so almost 3 hours since
>it was created. Could have been anything from library bug to i/o buffer
>corruption, etc., especially since it only affected 1 account and not the
>other. Will ignore unless it happens again.
The only thing I've noticed is that the epoch based time in seconds is
being stored in a standard int variable (which will be 32 bit in gcc),
not a 64 bit integer. That means time will wrap around on January 19,
2038! That could cause an OAUTH2 token issued just before the time
wrap-around to appear wrongly unexpired when tested after the
wrap-around.
But that should be a one off issue in 2038, not now.
More information about the Users
mailing list