Skip to content

Commit

Permalink
Merge pull request #196 from oat-sa/fix/AUT-4031/leeway-set-for-token…
Browse files Browse the repository at this point in the history 
…-validation

fix: Set leeway value to 1s for token validation
  • Loading branch information
@yaraslau-kavaliou
yaraslau-kavaliou authored Jan 3, 2025
2 parents 39dbc68 + 6481380 commit 9858265
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/Security/Jwt/Configuration/ConfigurationFactory.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@

namespace OAT\Library\Lti1p3Core\Security\Jwt\Configuration;

use DateInterval;
use Lcobucci\Clock\SystemClock;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Encoding\JoseEncoder;
Expand Down Expand Up @@ -60,7 +61,7 @@ public function create(?KeyInterface $signingKey = null, ?KeyInterface $verifica
);

$configuration->setValidationConstraints(
new LooseValidAt(SystemClock::fromUTC()),
new LooseValidAt(SystemClock::fromUTC(), new DateInterval('PT1S')),
new SignedWith($configuration->signer(), $configuration->verificationKey())
);

Expand Down

0 comments on commit 9858265

Please sign in to comment.