Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clock skew of 5 minutes #512

Closed
cleberdantas opened this issue Dec 17, 2018 · 3 comments
Closed

Clock skew of 5 minutes #512

cleberdantas opened this issue Dec 17, 2018 · 3 comments
Labels
enhancement Enhancement to an existing feature or behavior.

Comments

@cleberdantas
Copy link

microsoft-authentication-library-for-js/lib/msal-core/src/UserAgentApplication.ts

Line 883 in fa8ce39

const offset = this._clockSkew || 300;

Is this clock skew thing really necessary? I've just spent 2 hours debugging an application that prematurely disconnects users, 5 minutes before the expiresIn that was configured (in Azure B2C)! Does anyone know the necessity or motivation for this trick?
@navyasric
Copy link
Contributor

The need of the clock skew is to avoid situations where the client clock and the token issuing service clock are not exactly in sync. However, we plan to make it a configurable value and is in our backlog.

Why is your app disconnecting and why do you think this offset is causing it?

@cleberdantas
Copy link
Author

@navyasric thanks for the response. I think making this configurable would be nice.

While I was debugging my application that did not acquired token silently #513, I went to Azure AD B2C and configured the token lifetime to 5 minutes (to facilitate the debugging), since my clock and AD B2C clock were in sync AND the name was not set in the Id Token (refer to the other issue) AND the clock skew was set to 300 (5 minutes, which "invalidate" my 5 minutes token) I was branched out to the redirect login page situation, so this is my "disconnect" situation.

Probably if the #513 was not a issue I would never been caught by this problem at all.

Thanks.

@navyasric navyasric added backlog enhancement Enhancement to an existing feature or behavior. and removed backlog labels Jan 4, 2019
@navyasric navyasric added the core label Apr 10, 2019
@sameerag
Copy link
Member

@cleberdantas We have enhanced our library to make this configurable. In the latest preview of msal, Configuration takes a parameter:

tokenRenewalOffsetSeconds?: number;

Which addresses this issue.

We have recently gone through a redesign of the library's API surface. Please download our latest preview package or pull the dev branch and try updating your code and see if the issue still persists.

Please re-open this issue if it persists. We are now throwing error stack traces so we can understand better why your code is failing.

If you would like guidance on how to use the new version of the library, please review our wiki page here.

@sameerag sameerag mentioned this issue May 1, 2019
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 3, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Enhancement to an existing feature or behavior.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cleberdantas @navyasric @sameerag