zamzterz / Flask-pyoidc

Flask extension for using pyoidc as authentication for Flask apps.
Apache License 2.0
80 stars 38 forks source link

Verify IDToken fails "Issued in the future" #147

Closed h4ckd0tm3 closed 1 year ago

h4ckd0tm3 commented 1 year ago

oic.oic.message.IATError: Issued in the future

It happens because the time of the token is 1674144487 and _now during the check in oic:message.py:800 is 1674144483 so it's of by 4. This would be no problem if _skew could somehow be configured in the extension and passed on to verify which supports it via **kwargs.

Any different approach I could go?