valid access token passes introspection but fails at userinfo

[melanger]

I have an access token which is valid (according to database and introspection) but userinfo rejects it at the same time.

The error message is coming from here: https://github.com/IdentityPython/oidc-op/blob/2f81e246ff9ef412f5dc786cd2cfa5dd5fccf9e1/src/oidcop/oidc/userinfo.py#L131-L138

It might be a misalignment of different time formats or time zones.

• in the database, there is expires_at: ISODate("2023-04-05T23:54:22.000Z")
• I ran the userinfo request on 2023-04-05 at 23:32 CEST (+2)
• th error message said authentication not valid: 2023-04-05 12:54:22 > 2023-04-05 21:32:46 where
  • 2023-04-05 12:54:22 is probably wrong, it should be the same as expires_at
  • 2023-04-05 21:32:46 is the current time but GMT (+0) instead of CEST (+2)