From a9890ce35ccb97c1dff2a79b2e30970ad7030fde Mon Sep 17 00:00:00 2001
From: Denis Lagno <dilmah@dilmah-macbookpro.local>
Date: Thu, 12 Sep 2019 14:00:55 -0700
Subject: [PATCH] Properly wiring clockSkew

There already exists clockSkew validation parameter with default value
of 5 minutes.
however it was just left unwired which caused some messages to be
dropped due to NotBefore validation failures due to clock skew.
Fixing this.
---
 .../bot/connector/authentication/JwtTokenExtractor.java       | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libraries/bot-connector/src/main/java/com/microsoft/bot/connector/authentication/JwtTokenExtractor.java b/libraries/bot-connector/src/main/java/com/microsoft/bot/connector/authentication/JwtTokenExtractor.java
index a7d313c81..8e172ad21 100644
--- a/libraries/bot-connector/src/main/java/com/microsoft/bot/connector/authentication/JwtTokenExtractor.java
+++ b/libraries/bot-connector/src/main/java/com/microsoft/bot/connector/authentication/JwtTokenExtractor.java
@@ -93,7 +93,9 @@ private CompletableFuture<ClaimsIdentity> validateToken(String token,
         }
 
         return CompletableFuture.supplyAsync(() -> {
-            Verification verification = JWT.require(Algorithm.RSA256(key.key, null));
+            Verification verification = JWT
+                .require(Algorithm.RSA256(key.key, null))
+                .acceptLeeway(tokenValidationParameters.clockSkew.getSeconds());
             try {
                 verification.build().verify(token);