From a9cfc554ffebf8c06cd2180ea2b1aefbc5136b80 Mon Sep 17 00:00:00 2001
From: wulff
Date: Mon, 15 Jun 2020 09:50:06 +0200
Subject: [PATCH] Add small leeway to the token validation
---
 src/Provider/MobilePay.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/Provider/MobilePay.php b/src/Provider/MobilePay.php
index 39fec94..fe2815c 100644
--- a/src/Provider/MobilePay.php
+++ b/src/Provider/MobilePay.php
@@ -18,6 +18,14 @@ class MobilePay extends AbstractProvider
 {
+ /**
+ * The spec allows for a leeway of no more that a few minutes to allow for
+ * clock skew between the issuing server and the verifying server.
+ *
+ * @see Section 4.1 of RFC7519.
+ */
+ protected const JWT_LEEWAY = 30;
+ /**
 * @var array
 */
@@ -175,7 +183,7 @@ protected function checkResponse(ResponseInterface $response, $data)
 $token = $parser->parse($data['id_token']);
- $validator = new ValidationData($this->timestamp);
+ $validator = new ValidationData($this->timestamp, self::JWT_LEEWAY);
 $validator->setIssuer($this->configuration['issuer']);
 $validator->setAudience($this->clientId);
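Review bot: The docblock on `JWT_LEEWAY` speaks of "a few minutes" but never states the unit of the value `30`, so a reader has to infer it from how `ValidationData` consumes the constant in `checkResponse`. I would state it in the comment, for example `Leeway, in seconds, granted when checking the token's time-based claims to absorb clock skew.` (confirm the unit against the `ValidationData` constructor), and fix the typo "no more that" to "no more than". Because a leeway presumably also extends how long an already-expired token is still accepted, the comment could add that the value is meant to stay small.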
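Review bot: `self::JWT_LEEWAY` pins the value declared in `MobilePay`, although the constant is declared `protected`, which suggests a subclass may redeclare it; such an override would be silently ignored at this call. Either reference it as `static::JWT_LEEWAY` or declare the constant `private` so the intent is unambiguous. Separately, the second argument only has an effect if the installed version of the JWT library's `ValidationData` constructor accepts a leeway parameter; PHP drops surplus arguments to userland constructors without an error, so the dependency constraint (not visible in this patch) is worth checking. `checkResponse` continues outside the hunk, so whether the validation result is enforced cannot be judged from here.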