Hi. We’re using Hydra for OIDC flows and use private_key_jwt as an authentication method. In the signed object, an iat claim is included. If any clients are at all ahead of the server time, the token request fails with “Token used before issued”. I see that the code in Fosite is commented as not supporting any clock skew. I’d be willing to try and help get this fixed. Are there deeper issues as to why this wasn’t handled?
02/11/2022, 8:59 AM
The biggest issue was probably a lack of priority and if you would be willing to look into this 🙏
The best course is probably to open an issue in https://github.com/ory/fosite (I presume the change is in fosite), discuss your changes with the core maintainers and then get hacking
02/11/2022, 2:16 PM
Thanks, I’ll do that. I can see where the clock skew needs to be applied in Fosite, but I think the skew should likely be configurable. Trying to figure out how to do that is a challenge (for me) right now.