Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

JWT authentication fails using Firebase - JWTIssuedAtFuture

See original GitHub issue

Overview

If you authenticate using Firebase’s JWT as in this example or here, the following message will be output and it will fail.

Could not verify JWT: JWTIssuedAtFuture

Problems and suggestions

The interesting thing about this authentication failure is that if you make the same request several minutes after the authentication failure, the authentication will succeed.

Of course without changing the client program at all.

So I thought that the time zone was affecting, but the cause has not been identified yet. I am using Firebase in the region of asia-northeast1. Hasura is used by Docker, but the time zone looks like UTC. Is this relevant?

By the way, the Function registered in Firebase is the same as the sample.

Environment

docker:

  • hasura: hasura/graphql-engine:v1.0.0-alpha41.cli-migrations
  • postgres: postgres:11.1-alpine

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:1
  • Comments:12 (2 by maintainers)

github_iconTop GitHub Comments

4reactions
alexFauntcommented, Oct 22, 2021

A Solution:

The allowed_skew property of the JWT settings allows you to configure the acceptable difference between clocks when comparing JWT times.

The docs only talk about expiry time, but I believe it applies to issue time too as setting this to 3s fixed the issue for me.

Hope that helps someone!

3reactions
brush701commented, Apr 10, 2020

I was also having this issue, but found a solution. I’m running on WSL2, and interestingly there are clock-sync issues that arise. In my case, the WSL clock was a few seconds behind NTP time. Updating the Windows clock made no difference, but running ntpdate from the bash prompt worked like a charm. A simple workaround is to add sudo ntpdate -sb time.nist.gov to .bashrc and edit sudoers to grant permissions.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Could not verify JWT: JWSError JWSInvalidSignature
I believe the issue involved mismatch access token secret key resulting in the error JWT: JWSError JWSInvalidSignature.
Read more >
Authentication using JWT | Hasura GraphQL Docs
The idea is that your auth server will return JWT tokens, which are decoded and verified by the GraphQL engine, to authorize and...
Read more >
Hasura on Fly + Firebase Auth JWTIssuedAtFuture error - Fly.io
We're using Hasura on Fly and having intermittent issues with a JWTIssuedAtFuture error using Firebase auth, which we think is based on an ......
Read more >
Using JWTs for GraphQL Authorization with Hasura - Auth0
A JWT is issued as a result of a user authenticating with an authorization server. In the case of the Hasura platform, this...
Read more >
Create Custom Tokens | Firebase Authentication - Google
You can create a custom token with the Firebase Admin SDK, or you can use a third-party JWT library if your server is...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[Feature request] Multiple admin-secret keys and secret key management

Next page

Cannot proceed to insert object X relation since insert to table X affects zero rows