Update openid.md (#50)

Fixed `iat` and `exp` descriptions.

public/en-us/web-services/authentication/openid.md

@@ -123,8 +123,8 @@ For an OpenID authentication request to be successful, mod.io will make the foll
 2. At least one of the signing keys exposed in the JWK URL must have signed the supplied ID Token.
 3. The `sub` claim must be present and a non-empty string or positive integer. In the event an integer datatype is encountered, this value will be casted to a string internally.
 4. The `aud` claim must be `https://mod.io`
-5. The `iat` claim must be in the past and cannot be more than the current epoch unix timestamp minus 10 seconds in the past. Ten additional seconds are subtracted before evaluation to account for clock skew.
-6. The `exp` claim must be in the future and cannot be more than the current epoch unix timestamp plus 10 seconds in the past. Ten additional seconds are added before evaluation to account for clock skew.
+5. The `iat` claim cannot be greater than the current epoch unix timestamp with a 10 second buffer to account for clock skew.
+6. The `exp` claim must be greater than the current epoch unix timestamp with a 10 second buffer to account for clock skew.
 
 ### Testing your ID Token
 
@@ -159,4 +159,4 @@ OpenID offers a powerful method in-which game studios can take an existing sessi
 
 - [REST API OpenID Endpoint](https://docs.mod.io/restapiref/#openid) - The API endpoint your game client (or web app) sends the ID Token to.
 - [OIDC Specification](https://openid.net/developers/how-connect-works/) - OpenID Connect specification.
-- [jwt.io](https://jwt.io) - Useful tool for inspecting JWT tokens which may assist in debugging.
+- [jwt.io](https://jwt.io) - Useful tool for inspecting JWT tokens which may assist in debugging.