Change or skip allowed time skew for ID token issue time validation
Checklist
- [x] I read the Contribution Guidelines
- [x] I signed the CLA and WG Agreements
- [x] I ran, updated and added unit tests as necessary.
- [x] I verified the contribution matches existing coding style.
- [x] I updated the documentation if necessary.
Motivation and Context
This change aims to address the issue in #830 by adding the ability to either disable or change the allowed time skew for the ID Token issued at time (iat). Changing the allowed time skew can be useful because the clock on some devices can go beyond the default of 10 minutes. The OIDC specs do not define a specific timeframe, and the default of 10 minutes is still used when the new options are not used.
Description
I followed an approach similar to the one #662 already used for skipping the issuer HTTPS check.
- To change the default allowed time skew of 10 minutes for the issue time, `setAllowedIssueTimeSkew` can be used.

```java
AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
    .setAllowedIssueTimeSkew(THIRTY_MINUTES_IN_SECONDS)
    .build();
```
- For testing environments, `setSkipIssueTimeValidation` can be used to bypass the issue time validation.

```java
AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
    .setSkipIssueTimeValidation(true)
    .build();
```
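
An added example, not code from this PR or from the AppAuth library: a stand-alone sketch of an `iat` check with a configurable skew and a skip flag, as the description above outlines. The class and method names are hypothetical and the symmetric window is an assumption; only the 10-minute default comes from the text.

```java
import java.time.Instant;

public class IssueTimeSkewDemo {
    // Default named in the PR description: 10 minutes.
    static final long DEFAULT_SKEW_SECONDS = 600L;

    /**
     * Hypothetical helper: true when iat lies within the allowed skew of the local clock.
     * A null skew selects the default; skipValidation bypasses the check entirely.
     */
    static boolean isIssueTimeAcceptable(long iatSeconds, long nowSeconds,
                                         Long allowedSkewSeconds, boolean skipValidation) {
        if (skipValidation) {
            return true; // intended for test environments only
        }
        long skew = (allowedSkewSeconds != null) ? allowedSkewSeconds : DEFAULT_SKEW_SECONDS;
        if (skew < 0) {
            throw new IllegalArgumentException("allowed skew must not be negative");
        }
        long diff;
        try {
            // iat is token-supplied; an extreme value must not wrap around.
            // Math.abs(Long.MIN_VALUE) is negative and would pass a naive abs() check.
            diff = Math.subtractExact(nowSeconds, iatSeconds);
        } catch (ArithmeticException overflow) {
            return false;
        }
        // Assumption: symmetric window, the device clock may run ahead of or behind the issuer.
        // A wider skew also lengthens the time an older token is still accepted.
        return diff <= skew && diff >= -skew;
    }

    public static void main(String[] args) {
        long now = Instant.now().getEpochSecond();
        long iat = now + 20 * 60; // constructed sample: device clock 20 minutes behind the issuer
        System.out.println("default 10 min: " + isIssueTimeAcceptable(iat, now, null, false));
        System.out.println("30 min skew:    " + isIssueTimeAcceptable(iat, now, 1800L, false));
        System.out.println("skip flag set:  " + isIssueTimeAcceptable(iat, now, null, true));
        System.out.println("extreme iat:    " + isIssueTimeAcceptable(Long.MIN_VALUE, now, 1800L, false));
    }
}
```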
This is a feature we've been waiting for for so long! Please review and accept, and we can move on from depending on v0.7.1 of the library :)
Hi repo maintainers :), any news on this? Have been waiting for a month.... @WilliamDenniss @iainmcgin @StevenEWright
agologan I see you seem to be one of the maintainers now? Forgive me if I've misunderstood that. Any response to this PR please? We have been waiting a long time for this to be fixed.
Any news on this?
@agologan Can you check this PR please?