On Wed, May 31, 2017 at 12:28 PM, Thanuja Jayasinghe <than...@wso2.com> wrote:
> Hi Dinali, > > Consider the following calculation. > > expiry time = issuedTimeInMillis + validityPeriodMillis - > (System.currentTimeMillis() - timestampSkew) > > So actually token is valid for (validityPeriodMillis + timestampSkew) > seconds. This additional time is added to avoid the error occurred due to > the time synchronization issues between servers. > > If your servers are perfectly synced then you can use timestampSkew value > as 0. > If we do not have any reasoning behind this 300s value the shouldn't our default value be 0 as Dinali has suggested? > Thanks, > Thanuja > > > On Wed, May 31, 2017 at 12:01 PM, Dinali Dabarera <din...@wso2.com> wrote: > >> Hi All, >> >> In our identity.xml the default timeStampScrew value is used as 300 >> seconds. Shouldn't this be 0 seconds? >> >> Because when we are getting a token from password grant type again and >> again *without a time delay*, the expiry time of the token >> increases than its accepted value because of this equation we are using. >> >> expiry time = issuedTimeInMillis + validityPeriodMillis - (System. >> currentTimeMillis() - timestampSkew); >> >> Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds, >> therefore, expiry time = 3644 seconds which can not be happened. >> >> Therefore, it is better to have the default timeStampScrew value as 0 >> seconds in order to get correct results. >> >> >> Thanks! >> >> -- >> *Dinali Rosemin Dabarera* >> Software Engineer >> WSO2 Lanka (pvt) Ltd. >> Web: http://wso2.com/ >> Email : gdrdabar...@gmail.com >> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >> Mobile: +94770198933 <+94%2077%20019%208933> >> >> >> >> >> <https://lk.linkedin.com/in/dinalidabarera> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > > -- > *Thanuja Lakmal* > Associate Technical Lead > WSO2 Inc. http://wso2.com/ > *lean.enterprise.middleware* > Mobile: +94715979891 > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture