oauth2-openid-connect-client icon indicating copy to clipboard operation
oauth2-openid-connect-client copied to clipboard

Published 20 hours ago verified publisher icon steverhoades

WIP: expToleranceSeconds like nbfToleranceSeconds

Open croensch opened this issue 4 years ago • 1 comments

We get the message The id_token did not pass validation. (%i is invalid as it is not greater than %i). So i quickly added this fix.

croensch avatar Jul 20 '20 08:07 croensch

@croensch thank you for the contribution. Please let me know when this is out of WIP and i'll take a look.

steverhoades avatar Jul 24 '20 17:07 steverhoades

I guess back then when we used this library we had an IDP which had an expiry of one minute and the systems involved were off by about two minutes. Sure addding expiry tolerance, another minute in our case, works. But if you have expiry problems and can't fix the clocks on your systems you should tune your IDP instead.

I'd rather have this library use the JWT library's validation which supports the common leeway. But that's a topic for another PR.

croensch avatar Mar 12 '23 11:03 croensch