Handle clock skew with leeway option

[qburnsFB]

Description

Getting this error when running from my local server:

id_token issued in the future, now 1570650460, iat 1570650461

Running on a pushed production server works as expected.

According to the Auth0 ref, we can set a leeway integer to deal with small amount of clock skew. However, this library doesn't seem to support it as an option.

I saw a commit merged earlier today that solved a similar issue with the audience option. I tried following in their footsteps by adding settings.leeway to the handlers/login.js. I see it correctly added to the url when logging in, yet I still receive the error.

Reproduction

Possibly hard to reproduce unless you manually change the time to be incorrect.

Environment

Please provide the following:

• Version of this library used: 0.3
• Version of the platform or framework used, if applicable: Next 9.0.5
• Other relevant versions (language, server software, OS, browser): Windows 10
• Other modules/plugins/libraries that might be involved: Running a custom HTTPS server for local development, but was working perfectly fine locally as of Friday afternoon.

[qburnsFB]

Update: Upon reading the openid-client docs, I discovered I can do the following:

in /handlers/login.js:

   // Create the authorization url.
    const client = yield clientProvider();
    client[custom.clock_tolerance] = 5; <-- add a clock tolerance here

Would it be beneficial to respect the leeway setting as expected and set it like so?

[sandrinodimattia]

Fixed in v0.4.0. Let me know if we can close this issue.

[qburnsFB]

Awesome! It seems to be working in my project. Thanks for the quick response and fix!