Allow for more clock drift when generating the JWT

In my tests, sometimes even though the 10 minutes maximum expire time worked when searching for the comment, it still was possible for the subsequent request (appending to the comment) to fail with: 'Expiration time' claim ('exp') is too far in the future Let's work around that by avoiding the full 10 minutes expiry and going for 9 instead. Signed-off-by: Johannes Schindelin <[email protected]>
git-for-windows · Nov 14, 2023 · ebb4ada · ebb4ada
1 parent b7f1171
commit ebb4ada
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/GitForWindowsHelper/github-api-request-as-app.js b/GitForWindowsHelper/github-api-request-as-app.js
@@ -9,8 +9,8 @@ module.exports = async (context, requestMethod, requestPath, body) => {
     const payload = {
         // issued at time, 60 seconds in the past to allow for clock drift
         iat: now - 60,
-        // JWT expiration time (10 minute maximum)
-        exp: now + (10 * 60),
+        // JWT expiration time (10 minute maximum, use 9 to allow for clock drift)
+        exp: now + (9 * 60),
         // GitHub App's identifier
         iss: process.env['GITHUB_APP_ID']
     }