Handle case where client time has drifted further than 500ms after we have saved the server time offset #441

Open
marto83 opened this issue Sep 24, 2020 · 2 comments
Labels
bug Something isn't working. It's clear that this does need to be fixed.

Comments

marto83 commented Sep 24, 2020

It's a continuation of spec item (RSA4b1). Once we have saved the server time, we should check if the client time hasn't drifted further. In this case we should call and get Server time again.


sacOO7 commented Oct 27, 2020

Two solutions were proposed based on the internal discussion:

  1. Comparing it with UTC time on local (need to validate if UTC time changes when the user changes the time for a clock; it should be the same on all computers irrespective of the set time).
  2. Starting a stopwatch to keep track of drifted time (if a client changes it manually); if it drifts by +/-500 ms, mark the token as expired.

sacOO7 commented Oct 27, 2020

According to recent findings, it seems the first solution is already in place. I will try to implement it using the second solution.

@QuintinWillison QuintinWillison added bug Something isn't working. It's clear that this does need to be fixed. and removed spec-alignment labels Dec 6, 2022
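
The stopwatch approach from the second proposal, as an added Python example that is not code from this project: a monotonic clock runs alongside the wall clock, and when the two disagree by more than 500 ms since the last sync, the cached offset is discarded and server time is fetched again, as the opening comment asks. The class name, method names and the `fetch_server_time_ms` callback are hypothetical, and the clock values in `demo()` are constructed.

```python
import time

DRIFT_LIMIT_MS = 500  # threshold named in the issue title


class ServerTimeOffset:
    """Hypothetical helper: caches (server - local) and detects clock changes."""

    def __init__(self, fetch_server_time_ms, wall_ms=None, mono_ms=None):
        self._fetch = fetch_server_time_ms  # assumed callback returning server ms
        self._wall = wall_ms or (lambda: time.time() * 1000)
        self._mono = mono_ms or (lambda: time.monotonic() * 1000)
        self._offset = None
        self.fetch_count = 0

    def _resync(self):
        server = self._fetch()
        self.fetch_count += 1
        self._wall_at_sync = self._wall()
        self._mono_at_sync = self._mono()  # the "stopwatch" starts here
        self._offset = server - self._wall_at_sync

    def drift_ms(self):
        """Wall-clock movement not explained by elapsed monotonic time."""
        wall_elapsed = self._wall() - self._wall_at_sync
        mono_elapsed = self._mono() - self._mono_at_sync
        return wall_elapsed - mono_elapsed

    def now_ms(self):
        """Server-aligned timestamp; re-fetches if the local clock was changed."""
        if self._offset is None or abs(self.drift_ms()) > DRIFT_LIMIT_MS:
            self._resync()
        return self._wall() + self._offset


def demo():
    # Constructed clocks: the server is 10 s ahead of the local wall clock.
    clock = {"wall": 1_000_000.0, "mono": 50_000.0}
    server = lambda: clock["mono"] - 50_000.0 + 1_010_000.0
    src = ServerTimeOffset(server, lambda: clock["wall"], lambda: clock["mono"])
    first = src.now_ms()                 # first call syncs with the server
    clock["wall"] += 200
    clock["mono"] += 200                 # 200 ms pass normally, no drift
    second = src.now_ms()                # cached offset is reused
    clock["wall"] += 3_600_000           # user sets the clock one hour ahead
    third = src.now_ms()                 # drift > 500 ms forces a re-fetch
    return first, second, third, src.fetch_count
```

The monotonic clock is unaffected by manual or NTP changes to the system time, which is what lets the wall-clock jump show up as drift.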