Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi Folks, I have some cases to share and need to check for the condition. We've found the customer's issue with unsuccessful authentication because They set the time faster than usual by +15 minutes. So it makes an API call return status 400 bad request (token issue). Except if they set the time lower than 10 minutes authentication will be successful. I think this problem may be related to the request challenge expiration because we set it to 10 minutes. What do you think? Is it possible to relate or not?