Exception: Cannot handle token prior to [timestamp] about auth0-php HOT 16 CLOSED

Try setting the leeway in the php-jwt.

Somewhere in your project before the auth0 sdk is initialized add this line:

\Firebase\JWT\JWT::$leeway = X;

this will let you move the time window X seconds, ceck if you are ahead or behind and play with it until you find a confortable value.

from auth0-php.

ntpdate -q 0.rhel.pool.ntp.org
chkconfig ntpdate on
service ntpdate start

from auth0-php.

My ugly hack/workaround for now was to comment out the exception in 2 places in /vendor/firebase/php-jwt/Authentication/JWT.php:

//---------------------------------------
// Temporarily commenting out to fix bug
//---------------------------------------
// throw new BeforeValidException(
//     'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf)
// );
//---------------------------------------   

I'm not sure if that reduces the security significantly or anything? I suspect not by much.

from auth0-php.

@SimonEast did it work?

from auth0-php.

OK, awesome. That's the kinda thing I was looking for. Haven't tried it yet but hope to do so in the next 1-2 weeks and will try post back how it goes.

from auth0-php.

sure, I will close the issue for now but feel free to open a new one (or just ping me here)

from auth0-php.

@SimonEast Did the leeway setting work for you? What setting did you settle on?

from auth0-php.

@SeanZicari I actually can't remember what I did with it 12 months ago, I'm sorry. I'd have to dig through my source code, which I may not get time to do very soon due to life circumstances. I apologize.

from auth0-php.

@SeanZicari the leeway should do the trick, anyway if it is posible check that your server's timezone is well configured and that it is sincronized with an NTP server so it keeps up to date.

Also, can you check what is the difference between the server time and the current time?

from auth0-php.

@glena Thanks! I increased the leeway to 120 seconds. Is that excessive? It did seem to resolve the issue.

from auth0-php.

@SeanZicari it is not a good idea because you are opening the expiration window. It is always better to try to keep the server time in sync to avoid future issues.

from auth0-php.

@glena That makes sense. The issue I was having seemed to be related to one individual auth0 account that was causing that error to be thrown when trying to log in as them. I don't know enough about what's going on behind the scenes to know how else to fix it.

from auth0-php.

if you have ssh access to the server, you can check the time of it (if it is linux by running date) and check if it is correct (time and timezone). Probably it is some minutes off.

If that is the case, I would recommend to configure it to be in sync with an NTP service or if it is already configured you will need to troubleshoot why it is not working.

from auth0-php.

from auth0-php.

@glena Thanks. This solved the problem.

from auth0-php.

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

from auth0-php.