IdentityServer / IdentityServer4.AccessTokenValidation

IdentityServer Access Token Validation for ASP.NET Core
Apache License 2.0

Token Expiry on V3 vs V4 #46

Closed senj closed 7 years ago

senj commented 7 years ago

Hey,

I'm using JWTs. I have a project using IdentityServer3.AccessTokenValidation and some newer ones using Version 4. If a token expires, Version 3 complains in the exact amount of time that the token is invalid. On the other hand, Version 4 accepts the token even some minutes after expiry.

Is this by design? Is there a setting to control the "time padding"?

leastprivilege commented 7 years ago

I don't think this is the case - both versions use the MS JWT handler under the covers which always had a 5 min clock skew.

Is this a problem?

senj commented 7 years ago

Ok, knowing that it's 5 min is a good start. So if the "exp" flag within the token is 9:00, the token won't be accepted after 9:05?

If a client checks for token expiry, sees that it will expire at 9:00 and there is an error getting a new token, maybe this is the reason it doesn't work at 9:00 on the one system but still works on the other.