Skip to content

OIDC_LEEWAY is used even if there is an exp property on the JWT tokens #28

New issue
New issue
Open
Open
OIDC_LEEWAY is used even if there is an exp property on the JWT tokens#28
@olethanh

Description

@olethanh
olethanh
opened on Feb 15, 2018

Hi,
even if there is an exp property on the token, the code verify the iat property (issued at) + OIDC_LEEWAY. Even if no OIDC_LEEWAY configured by the usr since there is a default.

This is lead to a lot of confusion in our team. Should this really be the default behavior? And if yes maybe it can be better documented?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions