JWT is not yet valid
Hi there
I'm using ASP.NET Core 2.0.3 with “Google.Apis.Auth” 1.33.0.
I’m validating the ID token of Google+ with GoogleJsonWebSignature.ValidateAsync.
It does work fine on my local Windows development machine, but it doesn’t work on my Debian Jessie server.
situation
Time snapshot before I start sign-in with Google+: Console: Debian Server in Germany Windows Client in Switzerland
Both at Monday, May 14, 2018 00:00, BUT: the server's time is 7 seconds behind my client time
signin process
- At 00:00:19, at the Debian server, I request the JWT token from Google.
- At 00:00:20, at the Debian server, I received the JWT token from Google, which contains the following iat:
- At 00:00:20, at the Debian server, I received the following log entry:
xyzserver api[16255]: Google.Apis.Auth.InvalidJwtException: JWT is not yet valid.
conclusion
It looks like the IAT is 2 seconds after my server time, that's why the validation fails. If I'm using the validation endpoint (which everyone tells you should not), it does work.
What would be the best practice in that case?
- Should I implement a custom IClock interface, which syncs with Google’s time server?
- Should I use the validation endpoint?
- Should I try to fix the server's time?
Thanks
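The failure described in this issue, reproduced as an added example (not part of the original issue and not Google.Apis.Auth's code): an `iat` 2 seconds ahead of the server clock is rejected with zero tolerance and accepted once a clock-skew allowance is applied. The helper names, the UTC timestamps, the one-hour lifetime and the 30-second tolerance are assumptions, and the sample token is constructed and unsigned.

```python
import base64
import json
from datetime import datetime, timedelta, timezone


def make_token(claims: dict) -> str:
    """Build a constructed sample token; the signature segment is a placeholder."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"


def read_claims(token: str) -> dict:
    """Decode the payload segment. Real validation verifies the signature first."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_time_claims(claims: dict, now: datetime,
                      tolerance: timedelta = timedelta(0)) -> str:
    """Compare iat/exp with the local clock, allowing `tolerance` of clock skew."""
    iat = datetime.fromtimestamp(claims["iat"], timezone.utc)
    exp = datetime.fromtimestamp(claims["exp"], timezone.utc)
    if now + tolerance < iat:
        return "not yet valid"  # local clock is behind the issuer's clock
    if now - tolerance > exp:
        return "expired"
    return "valid"


def skew_seconds(claims: dict, now: datetime) -> float:
    """How far the issuer's iat is ahead of the local clock (diagnostic only)."""
    return claims["iat"] - now.timestamp()


# Constructed values modelled on the issue: server clock reads 00:00:20,
# the token's iat is 2 seconds later. UTC is an assumption.
SERVER_NOW = datetime(2018, 5, 14, 0, 0, 20, tzinfo=timezone.utc)
ISSUED_AT = SERVER_NOW + timedelta(seconds=2)
EXPIRES_AT = ISSUED_AT + timedelta(hours=1)
TOKEN = make_token({"iat": int(ISSUED_AT.timestamp()),
                    "exp": int(EXPIRES_AT.timestamp())})

if __name__ == "__main__":
    claims = read_claims(TOKEN)
    print(skew_seconds(claims, SERVER_NOW))
    print(check_time_claims(claims, SERVER_NOW))
    print(check_time_claims(claims, SERVER_NOW, timedelta(seconds=30)))
```

The same tolerance also widens acceptance past `exp`, so it should stay close to the skew actually observed, with the server clock kept in sync via NTP.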
Top GitHub Comments
This has been released in v1.34.0, available on nuget.org
Could we try to get this released ASAP please? I cannot do any work at home. I even synced my clock with time.google.com lol