Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
The token is not yet valid (iat).
See original GitHub issueWe found an issue in one of our tests in the recent update of yours. Our package works with pyjwt==2.5.0 but it breaks with pyjwt==2.6.0. We will give more details on the issue once we explore it more and will try to provide a minimal example that reproduces the error. However, may I ask you to check if the latests changes could have broken backawards compatibility? We are particularly suspicious of #794. We think this because the error message we get: The token is not yet valid (iat).
We are sorry we could not provide more details yet.
System Information
$ python -m jwt.help
{
"cryptography": {
"version": "38.0.1"
},
"implementation": {
"name": "CPython",
"version": "3.10.6"
},
"platform": {
"release": "5.19.16-76051916-generic",
"system": "Linux"
},
"pyjwt": {
"version": "2.6.0"
}
}
Issue Analytics
- State:
- Created a year ago
- Reactions:2
- Comments:11 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I’ve also encountered this issue, particularly in tests where the token is issued within a few milliseconds of when it gets used. The problem is that the
iatis assumed to be an integer, while the RFC allows floats. If a token is issued with a floatiatand decoded within that second, the code will test against the integer second, which is less than the floatiat. This results inImmatureSignatureErrorbeing raised.Here is an example that used to succeed, but now raises an error:
I suggest either allowing full float calculations or casting the input
iatto an int.It’s yes and no, since most JWT libraries in other languages also support the
inttype this could cause an issue. I agree with the fact that float has a bit more precision than int but to tackle this synchronization issue the recommended way isleeway time. So adding the minimum leeway time will help them without changing the custom logic they have now.An example could be,
jwt.decode(jwt.encode({'iat': int(time.time())+leeway}, 'secret', algorithm='HS256'), 'secret', algorithms=['HS256'])With this,
PyJWTwill be in sync with other frameworks/libraries in other languages as well.