ValueError: Token used too early errors #889
Assignees
Labels
priority: p1
Important issue which blocks shipping the next release. Will be fixed prior to next release.
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Comments
parthea
added
type: bug
|
If this is indeed a P1 issue shouldn't we revert and re-release until we can figure out what happened? It's strange because #862 was meant to relax the clock skew sensitivity and ended up doing the opposite. |
jay0lee
added a commit
to GAM-team/GAM
that referenced
this issue
Oct 21, 2021
|
@taers232c @jay0lee I just wrote a PR to add the |
|
@taers232c @jay0lee The fix is now in release v2.3.2. |
|
Thanks for your help.
Ross
…On Tue, Oct 26, 2021 at 11:07 AM arithmetic1728 ***@***.***> wrote:
@taers232c <https://github.com/taers232c> @jay0lee
<https://github.com/jay0lee> The fix is now in release v2.3.2.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#889 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACCTYL7FQZRVCQVCHCJNCXLUI3U4TANCNFSM5GCTIVDA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
Ross Scroggs
***@***.***
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
google-authversion: 2.3.0I'm the author of Advanced GAM: https://github.com/taers232c/GAMADV-XTD3
Changes in V2.1.0. Improve handling of clock skew (#858) (45c4491)
now cause the following error on a sporadic but annoying basis.
Previously, there was a clock skew allowance of 10 seconds. now it's 0.
File "init.py", line 3904, in _getValueFromOAuth
File "google\oauth2\id_token.py", line 144, in verify_oauth2_token
File "google\oauth2\id_token.py", line 124, in verify_token
File "google\auth\jwt.py", line 278, in decode
File "google\auth\jwt.py", line 195, in _verify_iat_and_exp
ValueError: Token used too early, 1634244631 < 1634244632. Check that your computer's clock is set correctly.
Chain of calls
google\oauth2\id_token.py
def verify_oauth2_token(id_token, request, audience=None):
...
idinfo = verify_token(
id_token, request, audience=audience, certs_url=_GOOGLE_OAUTH2_CERTS_URL
)
def verify_token(id_token, request, audience=None, certs_url=_GOOGLE_OAUTH2_CERTS_URL):
...
return jwt.decode(id_token, certs=certs, audience=audience)
google\auth\jwt.py
def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds=0):
...
_verify_iat_and_exp(payload, clock_skew_in_seconds)
def _verify_iat_and_exp(payload, clock_skew_in_seconds=0):
Unfortunately, verify_oauth2_token and verify_token don't have a clock_skew_in_seconds parameter
so I can't get the old behavior back.
Thanks,
Ross
The text was updated successfully, but these errors were encountered: