OAuthService hasValidAccessToken wrongly returns true

[patrick-dedication]

Describe the bug
hasValidAccessToken returns true even though expired_at in local storage is a minute before now.

Additional context
the hasValidAccessToken function subtracts getClockSkewInMsec (10min by default) from now and compares the expiresAt against that value.
So a token is considered invalid only 10minutes after it it is expired

[jeroenheijmans]

Perhaps a duplicate of #1135?

[buchatsky]

It also returns "true" if the Token endpoint erroneousely returns an empty JSON ("{}") in response body. In such case the library stores the string "undefined" as an access_token value, and hasValidAccessToken() returns "true".
I even don't dare create a new issue, looking at the number of opened ones)

[manfredsteyer]

When the access token response doesn't have an expiration time (which is also the case when it's an empty object), you can set the config property fallbackAccessTokenExpirationTimeInSec. This value is then used instead of the expiration time.

[manfredsteyer]

Feel free to reopen this issue if I'm wrong here.

[CedricHg]

When the access token response doesn't have an expiration time (which is also the case when it's an empty object), you can set the config property fallbackAccessTokenExpirationTimeInSec. This value is then used instead of the expiration time.

I don't think I understand this comment, my access token response does have an expiration time so I don't need to use a fallback as far as I know. The bug the OP mentioned still happens.

edit: ok I understand now that I need to adjust "clockSkewInSec" in the auth config