valid access token passes introspection but fails at userinfo

[melanger]

I have an access token which is valid (according to database and introspection) but userinfo rejects it at the same time.

The error message is coming from here:

oidc-op/src/oidcop/oidc/userinfo.py

Lines 131 to 138 in 2f81e24

	if not _auth_event["valid_until"] >= utc_time_sans_frac():
	logger.debug(
	"authentication not valid: {} > {}".format(
	datetime.fromtimestamp(_auth_event["valid_until"]),
	datetime.fromtimestamp(utc_time_sans_frac()),
	)
	)
	allowed = False

It might be a misalignment of different time formats or time zones.

• in the database, there is expires_at: ISODate("2023-04-05T23:54:22.000Z")
• I ran the userinfo request on 2023-04-05 at 23:32 CEST (+2)
• th error message said authentication not valid: 2023-04-05 12:54:22 > 2023-04-05 21:32:46 where
  • 2023-04-05 12:54:22 is probably wrong, it should be the same as expires_at
  • 2023-04-05 21:32:46 is the current time but GMT (+0) instead of CEST (+2)