From ebb4adab0e379159a47cbac01457cb3ed0caeec8 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Tue, 14 Nov 2023 22:06:49 +0100
Subject: [PATCH] Allow for more clock drift when generating the JWT

In my tests, sometimes even though the 10 minutes maximum expire time
worked when searching for the comment, it still was possible for the
subsequent request (appending to the comment) to fail with:

	'Expiration time' claim ('exp') is too far in the future

Let's work around that by avoiding the full 10 minutes expiry and going
for 9 instead.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 GitForWindowsHelper/github-api-request-as-app.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/GitForWindowsHelper/github-api-request-as-app.js b/GitForWindowsHelper/github-api-request-as-app.js
index e9588af8..235f73ae 100644
--- a/GitForWindowsHelper/github-api-request-as-app.js
+++ b/GitForWindowsHelper/github-api-request-as-app.js
@@ -9,8 +9,8 @@ module.exports = async (context, requestMethod, requestPath, body) => {
     const payload = {
         // issued at time, 60 seconds in the past to allow for clock drift
         iat: now - 60,
-        // JWT expiration time (10 minute maximum)
-        exp: now + (10 * 60),
+        // JWT expiration time (10 minute maximum, use 9 to allow for clock drift)
+        exp: now + (9 * 60),
         // GitHub App's identifier
         iss: process.env['GITHUB_APP_ID']
     }