We recently had someone that had issues with the JavaScript adapter not refreshing tokens.
The reason for this was that the browser and Keycloak server were in different time zones,
so exp was not checked properly.
I've now updated the JavaScript adapter to include a timeSkew property. This is
calculated by:
timeSkew = (timeRequestStarted + timeRequestCompleted) / 2 - token.iat
The assumption is that if the request and response take roughly as long, the token's iat
value will be set in the middle of request start and request stop.
This will work both for cases where the browser time is not correct as well as when the
browser is in a different time zone.
Big question is, should we do the same for all adapters? For server-side adapters we can
be more assured that the time is in sync (not sure if we mention in the documentation that
it's important to keep times in sync), but we still have the issue if the servers are
in different time zones.
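
The calculation above as a runnable sketch, added here as an illustration and not taken from the message or from the Keycloak adapter. All function names are hypothetical, times are epoch seconds, and the token is a constructed sample for a browser whose clock runs 3600 seconds ahead of the server.

```javascript
// Added example; helper names are hypothetical, not the adapter's API.
// Times are epoch seconds. Buffer is Node.js; in a browser use atob().

// Decode the payload of a compact JWT. No signature check is done here:
// the claims are used only for local refresh scheduling, not for trust.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// timeSkew = (timeRequestStarted + timeRequestCompleted) / 2 - token.iat
// The midpoint assumption can be off by up to half the round trip
// (plus rounding of iat to whole seconds), so report that bound too.
function estimateTimeSkew(startedSec, completedSec, iat) {
  if (completedSec < startedSec) throw new Error('local clock went backwards');
  return {
    timeSkew: Math.floor((startedSec + completedSec) / 2) - iat,
    maxErrorSec: Math.ceil((completedSec - startedSec) / 2),
  };
}

// Translate the local clock into server time before comparing with exp.
function isTokenExpired(payload, timeSkew, nowLocalSec, minValiditySec = 0) {
  const serverNow = nowLocalSec - timeSkew;
  return payload.exp - serverNow <= minValiditySec;
}

// Constructed sample token (placeholder signature, never verified).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Server issued the token at 1700000000 with a 300 s lifetime; the browser
// saw the request start at 1700003599 and complete at 1700003601.
const sample = decodeJwtPayload(makeSampleToken({ iat: 1700000000, exp: 1700000300 }));
const { timeSkew, maxErrorSec } = estimateTimeSkew(1700003599, 1700003601, sample.iat);
const nowLocal = 1700003610; // 10 s after issue, by the browser's clock
console.log({ timeSkew, maxErrorSec });
console.log('expired, ignoring skew:', isTokenExpired(sample, 0, nowLocal));
console.log('expired, skew applied: ', isTokenExpired(sample, timeSkew, nowLocal));
```

Ignoring the skew, the browser treats a 10-second-old token as expired; with it, the token has 290 seconds left. A caller that passes `minValiditySec` should keep it larger than `maxErrorSec` so the estimate's error cannot leave an expired token in use.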