Hi, Oauth2 access token and openid connect IDToken both contains expiry time, confusion is are any relationship between those values or access token expiry time equal to IDToken expiry time.
Openid connect specification mentioned that [1] *Expiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. See RFC 3339 <http://openid.net/specs/openid-connect-core-1_0.html#RFC3339> [RFC3339] for details regarding date/times in general and UTC in particular* But there is no information about how this relates to access token expiry time. WDYT? [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: [email protected] Mobile: +94 (71) 8020933
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
