ID Token Expiry time was added to Service Provider level recently as an
improvement.

We need to validate at the admin service level and set the server level
default value for id token expiry time if not specified by the user.

We have done similar validations for access token / refresh token expiry
IIRC. So yes, this needs to be fixed.

On Wednesday, June 6, 2018, Megala Uthayakumar <meg...@wso2.com> wrote:

> This was noticed while running test cases, where we create Service
> Provider through admin service.
>
> Thanks.
>
> Regards,
> Megala
>
> On Wed, Jun 6, 2018 at 12:11 AM, Megala Uthayakumar <meg...@wso2.com>
> wrote:
>
>> Hi,
>>
>> I noticed $subject in the latest snapshot pack of IS. If the user does
>> not specifically configure in service provider level, in the generated ID
>> token, expiry time claim and issue time claim have the same value and it is
>> not usable.
>>
>> IMHO, it is better to have a default value greater than 0.
>>
>> Thanks.
>>
>> Regards,
>> Megala
>>
>> --
>> Megala Uthayakumar
>>
>> Senior Software Engineer
>> Mobile : 0779967122
>>
>
>
>
> --
> Megala Uthayakumar
>
> Senior Software Engineer
> Mobile : 0779967122
>


-- 
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>
<http://wso2.com/signature>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
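
The fix discussed in this thread, sketched as an added example (not part of the original messages and not WSO2 Identity Server code): the admin-service-side check replaces a missing or zero service-provider value with a server default, and a relying-party check shows why `exp == iat` is unusable. The function names, the 3600-second default and the sample timestamps are assumptions.

```python
import time

# Assumed server-level default in seconds; the thread does not state the real value.
SERVER_DEFAULT_ID_TOKEN_EXPIRY = 3600


def effective_id_token_expiry(sp_expiry, server_default=SERVER_DEFAULT_ID_TOKEN_EXPIRY):
    """Admin-service-side validation (hypothetical helper): use the server
    default when the service provider value is unset (None or 0)."""
    if server_default <= 0:
        raise ValueError("server default ID token expiry must be > 0")
    if sp_expiry is None:
        return server_default
    if isinstance(sp_expiry, bool) or not isinstance(sp_expiry, int):
        raise ValueError("ID token expiry must be an integer number of seconds")
    if sp_expiry < 0:
        raise ValueError("ID token expiry must not be negative")
    # 0 is what an unset field looks like when the service provider is
    # created without the value, so treat it as "not specified".
    return sp_expiry if sp_expiry > 0 else server_default


def build_time_claims(sp_expiry, now=None):
    """Issuer side: iat/exp claims using the validated lifetime."""
    iat = int(time.time()) if now is None else int(now)
    return {"iat": iat, "exp": iat + effective_id_token_expiry(sp_expiry)}


def id_token_is_usable(claims, now):
    """Relying-party side: the current time must be before exp, so a token
    whose exp is not later than iat can never be accepted."""
    return claims["exp"] > claims["iat"] and now < claims["exp"]


# Constructed sample: time claims as described in the thread, where the
# unset value (0) was applied directly and exp equals iat.
BROKEN_CLAIMS = {"iat": 1528250000, "exp": 1528250000}

if __name__ == "__main__":
    fixed = build_time_claims(0, now=1528250000)
    print("broken usable:", id_token_is_usable(BROKEN_CLAIMS, 1528250000))
    print("fixed claims:", fixed, "usable:", id_token_is_usable(fixed, 1528250000))
```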