fix(clerk-js): Use the issued at timestamp from JWT for the MemoryTokenCache #1911
d10ddea to b1be06f
❓ What issue will this change resolve?

Also I think that using the `issuedAt` instead of the end-user clock will not work for an end-user with a clockSkew. The current implementation keeps the creation DateTime of the token based on the end-user clock and the expiration duration from the token using `expiresAt - issuedAt` to calculate the exact time the token will expire based on the end-user clock.

Example:
End-user A with clockSkew 10 minutes (compared to the FAPI server) retrieves a token with `issuedAt` at `00:10:00` that will expire in 60 seconds (`00:11:00`), and the end-user clock is `00:00:00`. After 5 seconds, frontend code executes `getToken()` and `tokenCache.get()` is executed. The code in packages/clerk-js/src/core/tokenCache.ts will be executed in the end-user with:

```ts
const nowSeconds = Math.floor(Date.now() / 1000); // "00:00:05"
const elapsedSeconds = nowSeconds - value.createdAt!; // "00:00:05" - "00:10:00"
const expiresSoon = value.expiresIn! - elapsedSeconds < (leeway || 1) + SYNC_LEEWAY; // 60 - 595 < 10 - 5
```
b1be06f to 6bb41d5
45f63c6 to 91c35c6
This PR has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Description
This PR changes the `createdAt` value when storing a token to the `MemoryTokenCache` from the current user time to the issued at time of the token to check how much time has elapsed from when the token has been issued.
Checklist
`npm test` runs as expected.
`npm run build` runs as expected.
Type of change
Packages affected
Packages affected
@clerk/clerk-js
@clerk/clerk-react
@clerk/nextjs
@clerk/remix
@clerk/types
@clerk/themes
@clerk/localizations
@clerk/clerk-expo
@clerk/backend
@clerk/clerk-sdk-node
@clerk/shared
@clerk/fastify
@clerk/chrome-extension
gatsby-plugin-clerk
build/tooling/chore
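
The `createdAt` change from the description and the clock-skew scenario from the review comment, worked through as an added example (not code from this PR or from clerk-js). `SYNC_LEEWAY = 5`, the default leeway of 10, the helper names and all timestamps are assumptions made for illustration.

```javascript
// Added illustration; not code from clerk-js. SYNC_LEEWAY and the default
// leeway are assumed values, and all timestamps below are constructed.
const SYNC_LEEWAY = 5; // assumed

// The freshness check quoted in the review comment, with the clock injected.
function expiresSoon(entry, nowSeconds, leeway) {
  const elapsedSeconds = nowSeconds - entry.createdAt;
  return entry.expiresIn - elapsedSeconds < (leeway || 1) + SYNC_LEEWAY;
}

// Build a cache entry for a token with claims {iat, exp} (server clock).
// strategy 'local' stamps createdAt from the client clock at store time;
// strategy 'iat' stamps it from the token's issued-at claim.
function makeEntry(claims, clientNowSeconds, strategy) {
  return {
    createdAt: strategy === 'iat' ? claims.iat : clientNowSeconds,
    expiresIn: claims.exp - claims.iat,
  };
}

// clientOffset = client clock minus server clock, in seconds.
// Returns what the cache decides `realElapsed` seconds after issuance.
function simulate(strategy, clientOffset, realElapsed, leeway = 10) {
  const serverIssued = 1700000600; // constructed epoch seconds
  const claims = { iat: serverIssued, exp: serverIssued + 60 };
  const clientAtStore = serverIssued + clientOffset;
  const entry = makeEntry(claims, clientAtStore, strategy);
  const refetch = expiresSoon(entry, clientAtStore + realElapsed, leeway);
  return { refetch, actuallyExpired: realElapsed >= 60 };
}

// Every combination of skew (none, 600 s behind, 600 s ahead), strategy,
// and sample time (5 s and 70 s after issuance).
function report() {
  const rows = [];
  for (const offset of [0, -600, 600]) {
    for (const strategy of ['local', 'iat']) {
      for (const t of [5, 70]) {
        rows.push({ offset, strategy, t, ...simulate(strategy, offset, t) });
      }
    }
  }
  return rows;
}

console.table(report());
```

With the client clock 600 seconds behind, the `iat` strategy still treats the token as fresh 70 seconds after issuance, when it has already expired; with the client 600 seconds ahead, it asks for a refetch on a token that is 5 seconds old.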