add 5 second leeway

ylebre · ylebre · commit 315e517d4c9a · 2021-03-12T15:49:34.000+01:00
diff --git a/src/Utils/DPop.php b/src/Utils/DPop.php
@@ -162,7 +162,8 @@ private function validateDpop($dpop, $request) {
 
 		//error_log("8");
 		// 8.  the token was issued within an acceptable timeframe (see Section 9.1), and
-		$validationData = new ValidationData(); // It will use the current time to validate (iat, nbf and exp)
+		$leeway = 5; // allow 5 seconds clock skew
+		$validationData = new ValidationData(time() + $leeway); // It will use the current time to validate (iat, nbf and exp)
 		if (!$dpop->validate($validationData)) {
 			throw new \Exception("token timing is invalid");
 		}

Original file line number	Diff line number	Diff line change
`@@ -162,7 +162,8 @@ private function validateDpop($dpop, $request) {`
`162`	`162`
`163`	`163`	`//error_log("8");`
`164`	`164`	`// 8. the token was issued within an acceptable timeframe (see Section 9.1), and`
`165`		`- $validationData = new ValidationData(); // It will use the current time to validate (iat, nbf and exp)`
	`165`	`+ $leeway = 5; // allow 5 seconds clock skew`
	`166`	`+ $validationData = new ValidationData(time() + $leeway); // It will use the current time to validate (iat, nbf and exp)`
`166`	`167`	`if (!$dpop->validate($validationData)) {`
`167`	`168`	`throw new \Exception("token timing is invalid");`
`168`	`169`	`}`