Hi Dinali, Consider the following calculation.
expiry time = issuedTimeInMillis + validityPeriodMillis - (System.currentTimeMillis() - timestampSkew) So actually token is valid for (validityPeriodMillis + timestampSkew) seconds. This additional time is added to avoid the error occurred due to the time synchronization issues between servers. If your servers are perfectly synced then you can use timestampSkew value as 0. Thanks, Thanuja On Wed, May 31, 2017 at 12:01 PM, Dinali Dabarera <[email protected]> wrote: > Hi All, > > In our identity.xml the default timeStampScrew value is used as 300 > seconds. Shouldn't this be 0 seconds? > > Because when we are getting a token from password grant type again and > again *without a time delay*, the expiry time of the token increases than > its accepted value because of this equation we are using. > > expiry time = issuedTimeInMillis + validityPeriodMillis - (System. > currentTimeMillis() - timestampSkew); > > Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds, > therefore, expiry time = 3644 seconds which can not be happened. > > Therefore, it is better to have the default timeStampScrew value as 0 > seconds in order to get correct results. > > > Thanks! > > -- > *Dinali Rosemin Dabarera* > Software Engineer > WSO2 Lanka (pvt) Ltd. > Web: http://wso2.com/ > Email : [email protected] > LinkedIn <https://lk.linkedin.com/in/dinalidabarera> > Mobile: +94770198933 <+94%2077%20019%208933> > > > > > <https://lk.linkedin.com/in/dinalidabarera> > > > > > > > > > > > > > > -- *Thanuja Lakmal* Associate Technical Lead WSO2 Inc. http://wso2.com/ *lean.enterprise.middleware* Mobile: +94715979891
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
