The grace period for token validation is currently hard-coded to 60 seconds, see here:
|
# As suggested in the spec, we give a 60s grace period to account |
|
# for inaccurate clocks. |
|
check_expiration_time <- function(payload){ |
|
if(length(payload$exp)){ |
|
stopifnot("exp claim is a number" = is.numeric(payload$exp)) |
|
expdate <- structure(payload$exp, class = c("POSIXct", "POSIXt")) |
|
if(expdate < (Sys.time() - 60)){ |
|
stop(paste("Token has expired on", expdate), call. = FALSE) |
|
} |
|
} |
|
if(length(payload$nbf)){ |
|
stopifnot("nbf claim is a number" = is.numeric(payload$nbf)) |
|
nbfdate <- structure(payload$nbf, class = c("POSIXct", "POSIXt")) |
|
if(nbfdate > (Sys.time() + 60)){ |
|
stop(paste("Token is not valid before", nbfdate), call. = FALSE) |
|
} |
|
} |
|
} |
Would it be possible to make this configurable? It would help to test the token expiration functionality.