Question: slack_before vs. token expiry #20
-
Hi Mr. Zandbelt and community, I am migrating from mod_auth_openidc to (additionally) mod_oauth2. I issued a token in Postman at 14:30, set the slack_before to 450s (7.5minuts) and used it at 14:31 => works
Now, the documentation and logic is consistent, but I do not quite understand the setting (which has a default value of 10 seconds, making a token only valid (to mod_oauth2) for 10 seconds after issuance)? And slack_after is to deal with "clock drift" if the issuing server has a time "in the future", but then the same problem concerning expiry/validity exists. Thanks. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 8 replies
-
both |
Beta Was this translation helpful? Give feedback.
both
slack_before
andslack_after
are only meant to deal with clock drift and should typically be left to their standard values