Increase ID Token acceptable iat clock skew to +/- 10min

manotnemanja · Jul 7, 2018 · d6ff5a1 · d6ff5a1
1 parent b9d3ce7
commit d6ff5a1
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Source/OIDAuthorizationService.m b/Source/OIDAuthorizationService.m
@@ -473,9 +473,9 @@ + (void)performTokenRequest:(OIDTokenRequest *)request
       }
 
       // OpenID Connect Core Section 3.1.3.7. rule #10
-      // Validates that the issued at time is not more than +/- 5 minutes on the current time.
+      // Validates that the issued at time is not more than +/- 10 minutes on the current time.
       NSTimeInterval issuedAtDifference = [idToken.issuedAt timeIntervalSinceNow];
-      if (fabs(issuedAtDifference) > 300) {
+      if (fabs(issuedAtDifference) > 600) {
         NSError *invalidIDToken =
           [OIDErrorUtilities errorWithCode:OIDErrorCodeIDTokenFailedValidationError
                            underlyingError:nil