Closed chamini2 closed 7 months ago
Are we accepting expired tokens? Or are we being more conservative?
Updated the caption @squat. Ultimately this does not make us more or less conservative, because the actual accepting of tokens happens in the controller, but this allows for fewer errors in the client.
I still don't understand. Are we saying we are accepting expired tokens, or are we rejecting them early?
It seems sometimes the `iat` (issued at) value from the auth0 id token has a slightly later value than it should, so we are adding some leeway to let those pass.
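The distinction raised in this thread, as an added example (not code from this pull request or its project): leeway on the `iat` check tolerates a token whose issue time is a few seconds ahead of the local clock, while the `exp` check can stay strict. The function names, the 5-second leeway and the sample claims are assumptions constructed for illustration, and signature verification is assumed to have happened already.

```python
import time


class ClaimError(Exception):
    """Raised when a time-based claim fails validation."""


def check_time_claims(claims, now=None, iat_leeway=0, exp_leeway=0):
    """Check iat/exp on claims whose signature was already verified.

    iat_leeway: seconds an 'iat' may lie in the future (issuer clock ahead).
    exp_leeway: seconds a token stays acceptable after 'exp' (0 = strict).
    """
    now = time.time() if now is None else now
    iat = claims.get("iat")
    if iat is not None and iat > now + iat_leeway:
        raise ClaimError("iat is in the future")
    exp = claims.get("exp")
    if exp is not None and now >= exp + exp_leeway:
        raise ClaimError("token expired")
    return True


def verdict(claims, now, **leeway):
    """Return 'ok' or the rejection reason, for easy comparison."""
    try:
        check_time_claims(claims, now=now, **leeway)
        return "ok"
    except ClaimError as err:
        return str(err)


# Constructed sample data: local clock reads NOW, issuer clock is 2 s ahead.
NOW = 1_700_000_000
skewed = {"sub": "user-1", "iat": NOW + 2, "exp": NOW + 3602}
expired = {"sub": "user-1", "iat": NOW - 3700, "exp": NOW - 100}
far_future = {"sub": "user-1", "iat": NOW + 600, "exp": NOW + 4200}

if __name__ == "__main__":
    for name, claims in [("skewed", skewed), ("expired", expired),
                         ("far_future", far_future)]:
        print(name, "| strict:", verdict(claims, NOW),
              "| iat_leeway=5:", verdict(claims, NOW, iat_leeway=5))
```

Keeping the two leeways separate shows that tolerating a slightly future `iat` does not by itself extend a token's lifetime; only a non-zero `exp_leeway` does that.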