On our endpoint, we get an OIDC token and a refresh token. When the OIDC token has expired, we want to refresh the token using the provided refresh token. Currently, except for disabling all default validators, I see no way to only exclude expiry validation.
Is it possible in Jose4j?
答案 0 :(得分:0)
仅排除到期验证?还是只包含有效期验证?
像这样设置JWT Consumer基本上只会进行到期验证。
JwtConsumer consumer = new JwtConsumerBuilder()
.setDisableRequireSignature()
.setSkipSignatureVerification()
.setSkipDefaultAudienceValidation()
.setRequireExpirationTime()
.build();
要有效排除有效期验证,您可以在.setAllowedClockSkewInSeconds(2000000000)
上使用类似JwtConsumerBuilder
的内容