Description
Feature Request
Motivation
AppAuth-Android is meant to be the open source community and OpenID's canonical choice for secure and seamless login flows.
However, this library has a known issue with ID Token validation after token exchange under the condition that the device has its system clock manually set in the future, even with a generous leeway provided.
This can cause a confusing and tense experience with developers, customers, and stakeholders.
Since Feb 2025, it is now a needless experience with the introduction of TrustedTime API: Introducing a reliable approach to time keeping for your apps.
Description
This feature request is that the library provides the option to use the TrustedTime API if it is available. If that is not practical for this library to handle all of that complexity, then it would be refreshing to be able to inject and override the default Clock implementation.
Alternatives or Workarounds
As described in the original issue, forking and implementing as needed is the only practical workaround.
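An added sketch of the clock-injection idea requested above; it is not part of the original issue and is not AppAuth-Android or TrustedTime code. The `Clock`, `TrustedSource`, `preferTrusted` and `checkTimes` names, the leeway and `iat` window values, and the timestamps are all assumptions constructed for the illustration.

```java
import java.util.OptionalLong;

// Added illustration: these types are hypothetical, not AppAuth-Android or TrustedTime APIs.
public class InjectableClockDemo {
    /** Seam the validator reads time through instead of calling System.currentTimeMillis(). */
    interface Clock { long currentTimeMillis(); }

    /** Stand-in for a trusted time source; empty when no trusted time is available yet. */
    interface TrustedSource { OptionalLong currentTimeMillis(); }

    /** Clock that prefers the trusted source and falls back to the device clock. */
    static Clock preferTrusted(TrustedSource trusted, Clock device) {
        return () -> {
            OptionalLong t = trusted.currentTimeMillis();
            return t.isPresent() ? t.getAsLong() : device.currentTimeMillis();
        };
    }

    /** Returns null if exp and iat are acceptable at the clock's "now", else the reason. */
    static String checkTimes(long iatSec, long expSec, long leewaySec, long iatWindowSec, Clock clock) {
        long nowSec = clock.currentTimeMillis() / 1000;
        if (nowSec > expSec + leewaySec) return "expired";
        if (Math.abs(nowSec - iatSec) > iatWindowSec) return "iat outside accepted window";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample values: token issued "now", valid for one hour.
        long trueNowMs = 1_740_000_000_000L;
        long iat = trueNowMs / 1000, exp = iat + 3600;
        long leeway = 60, iatWindow = 600; // assumed policy values

        Clock device = () -> trueNowMs + 2L * 24 * 3600 * 1000; // user set the clock 2 days ahead
        TrustedSource available = () -> OptionalLong.of(trueNowMs);
        TrustedSource unavailable = OptionalLong::empty;

        System.out.println("device clock only:   " + checkTimes(iat, exp, leeway, iatWindow, device));
        System.out.println("trusted preferred:   " + checkTimes(iat, exp, leeway, iatWindow, preferTrusted(available, device)));
        System.out.println("trusted unavailable: " + checkTimes(iat, exp, leeway, iatWindow, preferTrusted(unavailable, device)));
    }
}
```

The third case shows that a silent fallback to the device clock reproduces the original rejection, so an integration would want to surface whether the time it validated against was trusted.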