From 3f38d41106ca6b7bfa98d38d905ea86e9e397eb8 Mon Sep 17 00:00:00 2001
From: Rezaan Syed <rezaan.syed@shopify.com>
Date: Fri, 8 Sep 2023 10:26:49 -0400
Subject: [PATCH] Update clock tolerance for prototype & update accept header

---
 lib/auth/oauth/oauth.ts             | 3 +++
 lib/session/decode-session-token.ts | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/auth/oauth/oauth.ts b/lib/auth/oauth/oauth.ts
index aadfbde59..4ef8e6d7b 100644
--- a/lib/auth/oauth/oauth.ts
+++ b/lib/auth/oauth/oauth.ts
@@ -97,6 +97,9 @@ export function tokenExchange(config: ConfigInterface) {
       path: '/admin/oauth/access_token',
       type: DataType.JSON,
       data: body,
+      extraHeaders: {
+        Accept: 'application/json',
+      },
     };
     const cleanShop = sanitizeShop(config)(shop, true)!;
 
diff --git a/lib/session/decode-session-token.ts b/lib/session/decode-session-token.ts
index ff314b133..d57463e61 100644
--- a/lib/session/decode-session-token.ts
+++ b/lib/session/decode-session-token.ts
@@ -6,7 +6,7 @@ import {getHMACKey} from '../utils/get-hmac-key';
 
 import {JwtPayload} from './types';
 
-const JWT_PERMITTED_CLOCK_TOLERANCE = 10;
+const JWT_PERMITTED_CLOCK_TOLERANCE = 1;
 
 export interface DecodeSessionTokenOptions {
   checkAudience?: boolean;