For the OAuth Profile to issue personal tokens, it needs to authenticate users. This is configured through the authentication-service configuration option. See the configuration guide for details.
authentication-service
To allow for some clock skew between the OAuth profile and the Authentication Service, a configurable clock-skew can be used.
clock-skew