The token is not yet valid (iat) aka add leeway config #6

Open
tonkolviktor opened this issue Sep 1, 2023 · 0 comments

Comments

@tonkolviktor

Hi Brian,

thanks for the project, it's great!!!!

In our setup unfortunately the clocks are not 100% synchronized as it turns out :)
Our Keycloak is 0.5s in the future relative to our client application; this is a problem for PyJWT, especially since version 2.6.0: jpadilla/pyjwt#824

```
  File "/usr/local/lib/python3.10/dist-packages/jwt/api_jwt.py", line 210, in decode
    decoded = self.decode_complete(
  File "/usr/local/lib/python3.10/dist-packages/jwt/api_jwt.py", line 162, in decode_complete
    self._validate_claims(
  File "/usr/local/lib/python3.10/dist-packages/jwt/api_jwt.py", line 242, in _validate_claims
    self._validate_iat(payload, now, leeway)
  File "/usr/local/lib/python3.10/dist-packages/jwt/api_jwt.py", line 280, in _validate_iat
    raise ImmatureSignatureError("The token is not yet valid (iat)")
jwt.exceptions.ImmatureSignatureError: The token is not yet valid (iat)
```

I'm preparing a fix, but I do not understand something, which is also related to: #2

Why do you have 'jwt' in install_requires and not PyJWT? The code seems to use jwt.PyJWKClient, which is AFAIK only available in PyJWT.

tonkolviktor pushed a commit to tonkolviktor/st_oauth that referenced this issue Sep 1, 2023
tonkolviktor pushed a commit to tonkolviktor/st_oauth that referenced this issue Sep 1, 2023
tonkolviktor added a commit to tonkolviktor/st_oauth that referenced this issue Sep 1, 2023
* sfc-gh-bhess#6 adds leeway config option
sfc-gh-bhess#2 fixes incorrect jwt dependency

* sfc-gh-bhess#6 cast leeway to int

---------

Co-authored-by: Viktor Toenkoel <[email protected]>
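
The failure in the traceback and the effect of a leeway setting, as an added example that is not part of the issue and is not st_oauth's or PyJWT's code: a stdlib-only HS256 verifier whose time-claim checks tolerate `leeway` seconds, run on constructed tokens. The key, timestamps and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token for the demo."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_hs256(token: str, key: bytes, now: float, leeway: float = 0.0) -> dict:
    """Check the signature first, then time claims with `leeway` seconds of tolerance."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if "iat" in claims and claims["iat"] > now + leeway:
        raise ValueError("The token is not yet valid (iat)")
    if "nbf" in claims and claims["nbf"] > now + leeway:
        raise ValueError("The token is not yet valid (nbf)")
    if "exp" in claims and claims["exp"] <= now - leeway:
        raise ValueError("Signature has expired")
    return claims

def outcome(token: str, key: bytes, now: float, leeway: float) -> str:
    try:
        verify_hs256(token, key, now, leeway)
        return "accepted"
    except ValueError as exc:
        return str(exc)

# Constructed scenario: the issuer clock runs 0.5 s ahead of the verifier.
KEY = b"constructed-demo-key"
CLIENT_NOW = 1_700_000_000.0
FRESH = sign_hs256({"sub": "alice", "iat": CLIENT_NOW + 0.5, "exp": CLIENT_NOW + 300.5}, KEY)
STALE = sign_hs256({"sub": "alice", "iat": CLIENT_NOW - 302, "exp": CLIENT_NOW - 2}, KEY)

if __name__ == "__main__":
    for lw in (0, 1, 5):
        print(lw, outcome(FRESH, KEY, CLIENT_NOW, lw), "|", outcome(STALE, KEY, CLIENT_NOW, lw))
```

In this sketch the same leeway that admits the 0.5 s-early token also accepts a token that expired up to `leeway` seconds ago, so the value should be sized to the measured clock skew rather than set generously.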