lib/rack/prx_auth.rb in prx_auth-1.3.0 vs lib/rack/prx_auth.rb in prx_auth-1.4.0
@@ -51,10 +51,15 @@
{}
end
end
def expired?(claims)
- Time.now.to_i > (claims['iat'] + claims['exp'])
+ now = Time.now.to_i - 30 # 30 second clock jitter allowance
+ if claims['iat'] <= claims['exp']
+ now > claims['exp']
+ else
+ now > (claims['iat'] + claims['exp'])
+ end
end
def should_validate_token?(claims)
claims['iss'] == @issuer
end