diff --git a/browserid/static/dialog/resources/user.js b/browserid/static/dialog/resources/user.js index 468c0519b54f58ee2c1ff5e0d5b49d9e03c223fd..41ef20573ca0156381b18d051b2c43c24e8de522 100644 --- a/browserid/static/dialog/resources/user.js +++ b/browserid/static/dialog/resources/user.js @@ -535,7 +535,9 @@ BrowserID.User = (function() { function createAssertion(idInfo) { network.serverTime(function(serverTime) { var sk = jwk.SecretKey.fromSimpleObject(idInfo.priv); - var tok = new jwt.JWT(null, serverTime, origin); + // assertions are valid for 2 minutes + var expiration = serverTime + (2 * 60 * 1000); + var tok = new jwt.JWT(null, expiration, origin); assertion = vep.bundleCertsAndAssertion([idInfo.cert], tok.sign(sk)); if (onSuccess) { onSuccess(assertion);