Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
JWT is not yet valid
See original GitHub issueHi there
Im using asp.net core 2.0.3 with “Google.Apis.Auth” 1.33.0.
I’m validating the id token of google+ with GoogleJsonWebSignature.ValidateAsync
It does work fine on my local Windows development machine, but it doesn’t work on my debian jessie server.
situation
Time snapshot before i start signin with google+:
Console: Debian Server in Germany
Windows Client in Switzerland
Both at Monday, May 14, 2018 00:00, BUT: the servers time is 7 seconds behind my client time
signin process
At 00:00:19, at the debian server, i request the jwt token from google
At 00:00:20, at the debian server, I received the jwt token from google, which contains following iat:
At 00:00:20, at the debian server, i received following log entry
xyzserver api[16255]: Google.Apis.Auth.InvalidJwtException: JWT is not yet valid.
conclusion
It looks like the IAT is 2 seconds after my server time, thats why the validation fails. If im using the validation endpoint (which everyone tells you should not), it does works.
What would be the best practice in that case?
- Should i implement a custom IClock interface, which syncs with google’s time server?
- Should i use the validation endpoint?
- Should i try to fix the servers time?
Thanks
Issue Analytics
- State:
- Created 5 years ago
- Comments:9
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
This has been released in v1.34.0, available on nuget.org
Could we try to get this released ASAP please? I cannot do any work at home. I even synced my clock with
time.google.comlol