26393733608
71%

Ran 25 May 2026 09:38AM UTC

Jobs 1

Files 188

Run time 1min

Badge

Embed ▾

Committed 25 May 2026 09:34AM UTC coverage: 70.856% (+0.01%) from 70.844%

Build # 26393733608

Build Type

push

github

Committed by

web-flow

Commit Message

chore: limit aal1 sessions correctly (#2452)

## What kind of change does this PR introduce?

Bug fix

## What is the current behavior?

When `MFA_ALLOW_LOW_AAL` is false, AAL1 sessions JWTs should be limited
to 15 minutes. Currently the JWT is created with an expiry set to the
standard session timeout. And the LOW_AAL timeout is only checked when
the refresh_token is issued.
This means AAL1 sessions can be valid beyond the 15 minute window.

## What is the new behavior?
AAL1 JWTs are limited to 15minutes.

---------

Co-authored-by: fadymak <dev@fadymak.com>

Coverage Stats

13 of 13 new or added lines in 2 files covered. (100.0%)

17160 of 24218 relevant lines covered (70.86%)

83.24 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	26393733608.1	25 May 2026 09:38AM UTC	188	70.86	GitHub Action Run

supabase / auth / 26393733608
71%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 26393733608

supabase / auth / 26393733608 71%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 26393733608

supabase / auth / 26393733608
71%

README BADGES
x