Simplify ClockSkew config

coreos · Dec 14, 2021 · 5d6a6a7 · 5d6a6a7
1 parent 7764407
commit 5d6a6a7
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/oidc/verify.go b/oidc/verify.go
@@ -101,8 +101,8 @@ type Config struct {
 	// Time function to check Token expiry. Defaults to time.Now
 	Now func() time.Time
 
-	// Duration function for clock skew. Defaults to 5 minutes.
-	ClockSkew func() time.Duration
+	// Duration for clock skew. Defaults to 5 minutes.
+	ClockSkew time.Duration
 }
 
 // Verifier returns an IDTokenVerifier that uses the provider's key set to verify JWTs.
@@ -273,8 +273,8 @@ func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDTok
 		// Set to 5 minutes by default since this is what other OpenID Connect providers do to deal with clock skew.
 		// https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/6.12.2/src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs#L149-L153
 		clockSkew := 5 * time.Minute
-		if v.config.ClockSkew != nil {
-			clockSkew = v.config.ClockSkew()
+		if v.config.ClockSkew > 0 {
+			clockSkew = v.config.ClockSkew
 		}
 
 		if t.Expiry.Before(nowTime.Add(-clockSkew)) {