New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ValueError: Token used too early errors #889
Comments
If this is indeed a P1 issue shouldn't we revert and re-release until we can figure out what happened? It's strange because #862 was meant to relax the clock skew sensitivity and ended up doing the opposite. |
@taers232c @jay0lee I just wrote a PR to add the |
@taers232c @jay0lee The fix is now in release v2.3.2. |
Thanks for your help.
Ross
…On Tue, Oct 26, 2021 at 11:07 AM arithmetic1728 ***@***.***> wrote:
@taers232c <https://github.com/taers232c> @jay0lee
<https://github.com/jay0lee> The fix is now in release v2.3.2.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#889 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACCTYL7FQZRVCQVCHCJNCXLUI3U4TANCNFSM5GCTIVDA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
Ross Scroggs
***@***.***
|
google-auth
version: 2.3.0I'm the author of Advanced GAM: https://github.com/taers232c/GAMADV-XTD3
Changes in V2.1.0. Improve handling of clock skew (#858) (45c4491)
now cause the following error on a sporadic but annoying basis.
Previously, there was a clock skew allowance of 10 seconds. now it's 0.
File "init.py", line 3904, in _getValueFromOAuth
File "google\oauth2\id_token.py", line 144, in verify_oauth2_token
File "google\oauth2\id_token.py", line 124, in verify_token
File "google\auth\jwt.py", line 278, in decode
File "google\auth\jwt.py", line 195, in _verify_iat_and_exp
ValueError: Token used too early, 1634244631 < 1634244632. Check that your computer's clock is set correctly.
Chain of calls
google\oauth2\id_token.py
def verify_oauth2_token(id_token, request, audience=None):
...
idinfo = verify_token(
id_token, request, audience=audience, certs_url=_GOOGLE_OAUTH2_CERTS_URL
)
def verify_token(id_token, request, audience=None, certs_url=_GOOGLE_OAUTH2_CERTS_URL):
...
return jwt.decode(id_token, certs=certs, audience=audience)
google\auth\jwt.py
def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds=0):
...
_verify_iat_and_exp(payload, clock_skew_in_seconds)
def _verify_iat_and_exp(payload, clock_skew_in_seconds=0):
Unfortunately, verify_oauth2_token and verify_token don't have a clock_skew_in_seconds parameter
so I can't get the old behavior back.
Thanks,
Ross
The text was updated successfully, but these errors were encountered: