Add small leeway to the token validation

informeren · Jun 15, 2020 · a9cfc55 · a9cfc55
1 parent 8c288e4
commit a9cfc55
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/src/Provider/MobilePay.php b/src/Provider/MobilePay.php
@@ -18,6 +18,14 @@
 
 class MobilePay extends AbstractProvider
 {
+    /**
+     * The spec allows for a leeway of no more that a few minutes to allow for
+     * clock skew between the issuing server and the verifying server.
+     *
+     * @see Section 4.1 of RFC7519.
+     */
+    protected const JWT_LEEWAY = 30;
+
     /**
      * @var array
      */
@@ -175,7 +183,7 @@ protected function checkResponse(ResponseInterface $response, $data)
 
         $token = $parser->parse($data['id_token']);
 
-        $validator = new ValidationData($this->timestamp);
+        $validator = new ValidationData($this->timestamp, self::JWT_LEEWAY);
         $validator->setIssuer($this->configuration['issuer']);
         $validator->setAudience($this->clientId);