feat: allow to configure JWT leeway in open_id_connect

The default value defined in the jwt module is 0.

Author: jirutka

social_core/backends/open_id_connect.py

@@ -54,6 +54,7 @@ class OpenIdConnectAuth(BaseOAuth2):
     USERNAME_KEY = "preferred_username"
     JWT_ALGORITHMS = ["RS256"]
     JWT_DECODE_OPTIONS = {}
+    JWT_LEEWAY = 0  # seconds
     # When these options are unspecified, server will choose via openid autoconfiguration
     ID_TOKEN_ISSUER = ""
     ACCESS_TOKEN_URL = ""
@@ -222,6 +223,7 @@ def validate_and_return_id_token(self, id_token, access_token):
                 audience=client_id,
                 issuer=self.id_token_issuer(),
                 options=self.setting("JWT_DECODE_OPTIONS", self.JWT_DECODE_OPTIONS),
+                leeway=self.setting("JWT_LEEWAY", self.JWT_LEEWAY),
             )
         except ExpiredSignatureError:
             raise AuthTokenError(self, "Signature has expired")