On Wed, May 31, 2017 at 1:08 PM, Farasath Ahamed <[email protected]> wrote:
>
> On Wed, May 31, 2017 at 12:28 PM, Thanuja Jayasinghe <[email protected]> wrote:
>
>> Hi Dinali,
>>
>> Consider the following calculation.
>>
>> expiry time = issuedTimeInMillis + validityPeriodMillis -
>> (System.currentTimeMillis() - timestampSkew)
>>
>> So actually the token is valid for (validityPeriodMillis + timestampSkew)
>> seconds. This additional time is added to avoid the error that occurs due to
>> the time synchronization issues between servers.
>>
>> If your servers are perfectly synced then you can use timestampSkew
>> value as 0.
>
> If we do not have any reasoning behind this 300s value then shouldn't our
> default value be 0 as Dinali has suggested?

Yes. Best practice is to sync the servers' time properly. +1 for keeping 0 as the default value.

>> Thanks,
>> Thanuja
>>
>> On Wed, May 31, 2017 at 12:01 PM, Dinali Dabarera <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> In our identity.xml the default timeStampSkew value is used as 300
>>> seconds. Shouldn't this be 0 seconds?
>>>
>>> Because when we are getting a token from the password grant type again and
>>> again *without a time delay*, the expiry time of the token
>>> increases beyond its accepted value because of this equation we are using.
>>>
>>> expiry time = issuedTimeInMillis + validityPeriodMillis -
>>> (System.currentTimeMillis() - timestampSkew);
>>>
>>> Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds,
>>> therefore, expiry time = 3644 seconds, which cannot happen.
>>>
>>> Therefore, it is better to have the default timeStampSkew value as 0
>>> seconds in order to get correct results.
>>>
>>> Thanks!
>>>
>>> --
>>> *Dinali Rosemin Dabarera*
>>> Software Engineer
>>> WSO2 Lanka (pvt) Ltd.
>>> Web: http://wso2.com/
>>
>> --
>> *Thanuja Lakmal*
>> Associate Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Thanks & Regards,
Asela
ATL
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
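
The calculation quoted in this thread, worked through as an added example (not part of the original emails and not WSO2 code). The class and method names, the issue time and the 120 s clock drift are assumptions made for illustration; the 3600 s validity and the 300 s and 0 s skew values come from the thread.

```java
// Added illustration; class and method names are hypothetical, not WSO2 code.
public class SkewDemo {

    // Formula quoted in the thread:
    //   expiry time = issuedTimeInMillis + validityPeriodMillis
    //                 - (System.currentTimeMillis() - timestampSkew)
    // nowMillis stands in for System.currentTimeMillis() so runs are repeatable.
    static long remainingMillis(long issuedMillis, long validityMillis,
                                long nowMillis, long skewMillis) {
        return issuedMillis + validityMillis - (nowMillis - skewMillis);
    }

    // A token is treated as active while the computed remaining time is positive.
    static boolean isActive(long issuedMillis, long validityMillis,
                            long nowMillis, long skewMillis) {
        return remainingMillis(issuedMillis, validityMillis, nowMillis, skewMillis) > 0;
    }

    public static void main(String[] args) {
        long issued = 1_496_200_000_000L;  // constructed issue time (ms)
        long validity = 3_600_000L;        // 3600 s, as in the thread
        long[] skews = {300_000L, 0L};     // 300 s default vs. proposed 0

        for (long skew : skews) {
            System.out.println("timestampSkew = " + skew / 1000 + " s");

            // Same clock, checked immediately after issue.
            System.out.println("  remaining right after issue: "
                    + remainingMillis(issued, validity, issued, skew) / 1000 + " s");

            // Same clock, 60 s past the nominal expiry.
            long late = issued + validity + 60_000L;
            System.out.println("  active 60 s past nominal expiry: "
                    + isActive(issued, validity, late, skew));

            // Token is really 3550 s old, but the checking node's clock
            // runs 120 s ahead of the issuing node (assumed drift).
            long driftedNow = issued + 3_550_000L + 120_000L;
            System.out.println("  active at age 3550 s on a node 120 s ahead: "
                    + isActive(issued, validity, driftedNow, skew));
        }
    }
}
```

The run shows both sides of the trade-off in the thread: a non-zero skew keeps a token usable past its configured validity period, while a skew of 0 makes a still-valid token fail on a node whose clock is ahead.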
