go-oidc icon indicating copy to clipboard operation
go-oidc copied to clipboard

Published 20 hours ago verified publisher icon coreos

Add configurable clock skew

Open cgostuff opened this issue 3 years ago • 1 comments

This implements clock skew similar to AzureAD. The existing solution with 5 min nbf leeway and a configurable time function does not let you get a true 5 min clock skew, because the time.now() function used to check expiry is reused to check the nbf-constraint.

This is configurable in .NET TokenValidationParameters.ClockSkew Property, and is used like this in IdentityServer4 PrivateKeyJwtSecretValidator.cs#L106.

cgostuff avatar Dec 14 '21 16:12 cgostuff

Any word on this? I was also looking for such a feature.

jordaniversen avatar Mar 28 '22 13:03 jordaniversen