ajmyyra
commented
5 years ago Indeed! I've never run into this since I'm usually always on UTC in all my machines, but definitely a good thing to have as default. Will look into it, thank you!
Open ryandawsonuk opened 5 years ago
ajmyyra
commented
5 years ago Indeed! I've never run into this since I'm usually always on UTC in all my machines, but definitely a good thing to have as default. Will look into it, thank you!
I think it would be best-practice to use UTC time explicitly as the dex codebase does:
https://github.com/dexidp/dex/search?q=UTC&unscoped_q=UTC
Otherwise the code will just use whatever timezone the server is using.
I hit this when using a dex setup with a local client and this auth service running in the server. The server was on UTC and my local wasn't. So tokens generated on my local were rejected by the server, which was doing a check on when it was issued and thinking it was being used before it was even issued. It is a fringe use-case and we were able to address it by changing the local to use UTC. But it highlights why making UTC explicit might be a better practice.