You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The TokenValidator uses the default ClockSkew of 5 minutes when validating JWTs. Having a generous clock skew is meant to be forgiving to clients that have their system clock out of sync. But in IdentityServer we only validates tokens that were issued by IdentityServer itself. It's the same clock that issued the token that validates it. We could do with a (near)-zero ClockSkew.
The only time a ClockSkew would be relevant to have is if there's a cluster and the times in the cluster are not in sync. But if the clocks in your cluster is more than a few seconds off there's a problem to your intrastructure.
I suggest setting the ClockSkew to 5 seconds in the TokenValidator
The text was updated successfully, but these errors were encountered:
The
TokenValidatoruses the defaultClockSkewof 5 minutes when validating JWTs. Having a generous clock skew is meant to be forgiving to clients that have their system clock out of sync. But in IdentityServer we only validates tokens that were issued by IdentityServer itself. It's the same clock that issued the token that validates it. We could do with a (near)-zero ClockSkew.The only time a ClockSkew would be relevant to have is if there's a cluster and the times in the cluster are not in sync. But if the clocks in your cluster is more than a few seconds off there's a problem to your intrastructure.
I suggest setting the ClockSkew to 5 seconds in the
TokenValidatorThe text was updated successfully, but these errors were encountered: