ValueError: Token used too early errors

OS: Various
Python version: 3.9.7/3.10.0
google-auth version: 2.3.0

I’m the author of Advanced GAM: https://github.com/taers232c/GAMADV-XTD3

Changes in V2.1.0. Improve handling of clock skew (#858) (45c4491)
now cause the following error on a sporadic but annoying basis.
Previously, there was a clock skew allowance of 10 seconds. now it’s 0.

File “init.py”, line 3904, in _getValueFromOAuth File “google\oauth2\id_token.py”, line 144, in verify_oauth2_token File “google\oauth2\id_token.py”, line 124, in verify_token File “google\auth\jwt.py”, line 278, in decode File “google\auth\jwt.py”, line 195, in _verify_iat_and_exp ValueError: Token used too early, 1634244631 < 1634244632. Check that your computer’s clock is set correctly.

Chain of calls

google\oauth2\id_token.py

def verify_oauth2_token(id_token, request, audience=None):
…
idinfo = verify_token(
id_token, request, audience=audience, certs_url=_GOOGLE_OAUTH2_CERTS_URL
)

def verify_token(id_token, request, audience=None, certs_url=_GOOGLE_OAUTH2_CERTS_URL):
…
return jwt.decode(id_token, certs=certs, audience=audience)

google\auth\jwt.py

def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds=0):
…
_verify_iat_and_exp(payload, clock_skew_in_seconds)

def _verify_iat_and_exp(payload, clock_skew_in_seconds=0):

Unfortunately, verify_oauth2_token and verify_token don’t have a clock_skew_in_seconds parameter so I can’t get the old behavior back.

Thanks,

Ross

Issue Analytics

State:
Created 2 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

3reactions

arithmetic1728commented, Oct 22, 2021

@taers232c @jay0lee I just wrote a PR to add the clock_skew_in_seconds option to all the verify_*_token methods in id_token.py so you can provide a custom value in your code.

0reactions

taers232ccommented, Oct 26, 2021

Thanks for your help.

Ross

On Tue, Oct 26, 2021 at 11:07 AM arithmetic1728 @.***> wrote:

@taers232c https://github.com/taers232c @jay0lee https://github.com/jay0lee The fix is now in release v2.3.2.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/googleapis/google-auth-library-python/issues/889#issuecomment-952184287, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACCTYL7FQZRVCQVCHCJNCXLUI3U4TANCNFSM5GCTIVDA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

– Ross Scroggs @.***

Top Results From Across the Web

Token used too early error thrown by firebase_admin auth's ...

It throws the following error: Token used too early, 1650302066 < 1650302067. Check that your computer's clock is set correctly. I'm aware that ......

Error while granting permissions - Token used too early

I'm trying to grant access to GYB for the backup, but every time I try I get ... ValueError: Token used too early,...

How to resolve the error “token used at: 1623250847 but was ...

This error is usually coming from the Router microservice while it's trying to connect to the Access microservice. ... This error is indicating ......

Token used too early - Technology Speaks

This is a recommended procedure to ensure that the token is not been tampered. If it throws any error [typically 'token expired'], then...

Token used before issued problem! (Time sync?!)

hey I have an architectural question, I am using auth0 in combination with my own API. Setup made after the official documentation how...