Currently the /config endpoint allows the user to manage an allowed time offset for OIDC-generated tokens.
This feature becomes particularly valuable when the OIDC Provider and the Device (IED) are synchronized to different NTP servers, which results in a slight offset of the token's issued timestamp and therefore prevents login with the provided token.
An example error when this happens is shown in the following image:
In the given example, the error shows a time offset of 5 seconds between the two timestamps.
NOTICE
The displayed timestamps already include the configured offset.
For example, if the configured offset was set to 10 seconds, the total time difference between the servers would be 15 seconds. This means that a minimum allowed offset of 15 seconds is required for a successful login in this particular setup.
To configure the time offset (ClockSkew), use the API as follows:
Log into the Edge Device as admin, as described in the previous chapter, and use the access_token for the config call.
curl -X POST \
'https://<ip of device>/device/edge/auth/api/v1/oidc-providers/config' \
--header 'Accept: */*' \
--header 'Authorization: {{access_token}}' \
--header 'Content-Type: application/json' \
--data '{
"oidcClockSkew": 6000
}'
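
The arithmetic from the notice above, as an added example (not part of the original documentation and not the device's own code): it decodes a token's issued-at claim and reports how far it still lies in the device's future after a given tolerance. It assumes a generic iat/nbf check in seconds, a constructed sample token and device time, and hypothetical function names; the unit of oidcClockSkew is not stated on this page and is not modeled here.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    """Encode bytes as unpadded base64url, the way JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload segment only. No signature check: diagnostics only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def remaining_offset(claims: dict, device_now: int, skew: int) -> int:
    """Seconds by which iat/nbf still lie in the device's future after the
    tolerance is applied. 0 means the time check passes."""
    earliest = max(claims.get("iat", 0), claims.get("nbf", 0))
    return max(0, earliest - (device_now + skew))


def min_skew_required(claims: dict, device_now: int) -> int:
    """Smallest tolerance (seconds) with which this token would be accepted."""
    return remaining_offset(claims, device_now, 0)


# Constructed sample: the provider's clock runs 15 s ahead of the device.
DEVICE_NOW = 1_700_000_000
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": "admin",
                        "iat": DEVICE_NOW + 15,
                        "exp": DEVICE_NOW + 315}).encode()),
    "constructed-signature",  # placeholder, never verified here
])

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_TOKEN)
    for skew in (0, 10, 15):
        left = remaining_offset(claims, DEVICE_NOW, skew)
        state = "accepted" if left == 0 else f"rejected, {left} s still missing"
        print(f"configured offset {skew:>2} s: {state}")
    print("minimum offset required:", min_skew_required(claims, DEVICE_NOW), "s")
```

With an offset of 10 seconds the sample token is still 5 seconds early, matching the displayed error; set the offset only as large as the measured difference, since a larger tolerance also widens the window in which future-dated tokens are accepted.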