Hi All, In our identity.xml the default timeStampScrew value is used as 300 seconds. Shouldn't this be 0 seconds?
Because when we are getting a token from password grant type again and again *without a time delay*, the expiry time of the token increases than its accepted value because of this equation we are using. expiry time = issuedTimeInMillis + validityPeriodMillis - (System. currentTimeMillis() - timestampSkew); Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds, therefore, expiry time = 3644 seconds which can not be happened. Therefore, it is better to have the default timeStampScrew value as 0 seconds in order to get correct results. Thanks! -- *Dinali Rosemin Dabarera* Software Engineer WSO2 Lanka (pvt) Ltd. Web: http://wso2.com/ Email : [email protected] LinkedIn <https://lk.linkedin.com/in/dinalidabarera> Mobile: +94770198933 <https://lk.linkedin.com/in/dinalidabarera>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
