angular-auth-oidc-client icon indicating copy to clipboard operation
angular-auth-oidc-client copied to clipboard

Published 20 hours ago verified publisher icon damienbod

max_id_token_iat_offset_allowed_in_seconds not working correctly

Open CommanderOS opened this issue 5 years ago • 3 comments
trafficstars

Describe the bug max_id_token_iat_offset_allowed_in_seconds is not working the way it supposed to work, the token is not invalidated.

To Reproduce Steps to reproduce the behavior:

  1. Set the max_id_token_iat_offset_allowed_in_seconds to 600 seconds.
  2. Change the clock on the pc to 10 minutes behind global clock. or 3.Set the clock on the pc to 10 minutes infront of the global clock.

Expected behavior Expected to get an event that the difference is more than the offset allowed.

Behaviour When time is behind the global clock token always remains active. When time is after the global clock the token is invalidated only if time difference is below one minute.

CommanderOS avatar Jun 26 '20 11:06 CommanderOS

@FabianGosebrink Maybe we could add a test to validate this

damienbod avatar Mar 06 '21 07:03 damienbod

Any update on this?

woeterman94 avatar Jun 03 '21 11:06 woeterman94

Since we released new versions since the bug came up: Is this bug still relevant?

FabianGosebrink avatar Jul 13 '22 08:07 FabianGosebrink

Closing as there hasn't been any response from the issue author. Please re-open if you are still seeing problems here.

FabianGosebrink avatar Nov 30 '22 06:11 FabianGosebrink