Closed crmb closed 1 year ago
Hi @crmb, It's weird, there should be a problem with your or their time. You should be able to inspect the iat
claim value with your time.
But if you need it, you can set the clock tolerance like this (it will set the allowedTimeDrift
):
use Facile\OpenIDClient\Service\Builder\AuthorizationServiceBuilder;
use Facile\OpenIDClient\Token\IdTokenVerifierBuilder;
$verifierBuilder = (new IdTokenVerifierBuilder())
->setClockTolerance(5); // 5 seconds
$authorizationService = (new AuthorizationServiceBuilder())
->setIdTokenVerifierBuilder($verifierBuilder)
->build();
Thanks you. I will investigate further on the time. Good to know that i can set the drift tolerance here by then.
Using : php7.4-fpm w/ extension "gmp" Despite using ntpd i most often get the following error while trying to get the tokenSet
The OpenID authorization server is from SalesForce which i presume is also at the correct time. (They say i am the only one to have this issue)
I can mitigate the issue by setting a "allowedTimeDrift" of 8 in vendor/web-token/jwt-checker/IssuedAtChecker.php