Add several minutes of default leeway to reduce issues with time mis-alignment

Created on 14 March 2024, 11 months ago

Updated 14 August 2024, 6 months ago

In our use of the JWT library, we are not configuring any leeway in the NBF or IAT time checking.

If you JWT is generated 1 sec in advance of the server time, it will be rejected.

Add a default leeway, maybe configurable as a service parameter

Looks like 5 minutes should be a reasonable choice - the default in Kerberos and the limit in the Windows system

Add code and tests

n/a

n/a

n/a

✨ Feature request

Status

Needs review

Version

2.0

Component

Code

Created by

🇺🇸United States pwolanin

Live updates comments and jobs are added and updated live.

Merge Requests

Issue created by @pwolanin
Comment 11 months ago →
🇺🇸United States pwolanin
Merge request !9Add leeway for JWT → (Open) created by pwolanin
Status changed to Needs review 6 months ago3:20pm 14 August 2024
Comment 6 months ago →
🇺🇸United States pwolanin
Comment 6 months ago →
🇺🇸United States pwolanin
There is another request for a container parameter. The goal here is just to make it work better for everyone by default in a simple way

Production build 0.71.5 2024