Access Token Lifetime Incorrectly Using Days Instead of Minutes #374
Description
In config.example.toml:
[atoma_auth]
access_token_lifetime = 1 # in minutes
refresh_token_lifetime = 1 # in daysHowever,
In atoma-auth/src/auth.rs, the generate_access_token method incorrectly uses Duration::days() for the access token expiration:
This will increase the window of vulnerability if an access token is compromised, as it remains valid for 24x longer than intended.
let expiration = Utc::now() + Duration::days(self.access_token_lifetime as i64);
```,