auth0-PHP: Exception: Cannot handle token prior to [timestamp]

As I mentioned in this issue (over in PHP-JWT), I’m getting this exception triggered a lot when calling $auth0->getUser(). It first happened on my development machine and now on my web host:

Cannot handle token prior to 2016-01-15T14:44:28+1100

It appears to occur when the server’s clock is a few seconds behind Auth0’s. I resynced my local dev machine’s clock and the message went away. I can’t do that on a shared web hosting server though. 😦

My thoughts are that the time check should not be so strict that it requires an up-to-the-second time-synchronization.

Simon.

About this issue

  • State: closed
  • Created 8 years ago
  • Reactions: 3
  • Comments: 16 (11 by maintainers)

Most upvoted comments

Try setting the leeway in the php-jwt.

Somewhere in your project before the auth0 sdk is initialized add this line:

\Firebase\JWT\JWT::$leeway = X;

This will let you move the time window X seconds; check if you are ahead or behind and play with it until you find a comfortable value.

ntpdate -q 0.rhel.pool.ntp.org
chkconfig ntpdate on
service ntpdate start

My ugly hack/workaround for now was to comment out the exception in 2 places in /vendor/firebase/php-jwt/Authentication/JWT.php:

//---------------------------------------
// Temporarily commenting out to fix bug
//---------------------------------------
// throw new BeforeValidException(
//     'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf)
// );
//---------------------------------------   

I’m not sure if that reduces the security significantly or anything? I suspect not by much.
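
The two approaches in this thread, a bounded leeway versus removing the check, compared in an added example (not code from php-jwt, auth0-PHP or any commenter). It is a stand-alone PHP function that applies a leeway to the nbf, iat and exp claims; the function name, timestamps and claim values are constructed for illustration.

```php
<?php
// Added illustration: a stand-alone, leeway-tolerant time-claim check.
// Not php-jwt's source; checkTimeClaims() is a hypothetical name.

function checkTimeClaims(array $claims, int $now, int $leeway): string
{
    // nbf / iat further in the future than the tolerated skew: not yet usable.
    foreach (['nbf', 'iat'] as $claim) {
        if (isset($claims[$claim]) && $claims[$claim] > $now + $leeway) {
            $ahead = $claims[$claim] - $now;
            return "rejected: {$claim} is {$ahead}s ahead of the local clock";
        }
    }
    // exp gets the same tolerance in the other direction.
    if (isset($claims['exp']) && $now - $leeway >= $claims['exp']) {
        return 'rejected: expired';
    }
    return 'accepted';
}

// Constructed scenario: the local clock runs 4 seconds behind the issuer's.
$issuerNow = 1452829468;            // constructed sample timestamp
$localNow  = $issuerNow - 4;

// Constructed token issued "now" by the issuer, valid for 10 hours.
$fresh = ['iat' => $issuerNow, 'nbf' => $issuerNow, 'exp' => $issuerNow + 36000];
// Constructed token that only becomes valid one hour from now.
$future = ['iat' => $issuerNow, 'nbf' => $issuerNow + 3600, 'exp' => $issuerNow + 7200];

$cases = [
    ['fresh token, leeway 0',   $fresh,  0],
    ['fresh token, leeway 30',  $fresh,  30],
    ['future token, leeway 30', $future, 30],
];

foreach ($cases as [$label, $claims, $leeway]) {
    printf("%-26s %s\n", $label . ':', checkTimeClaims($claims, $localNow, $leeway));
}
```

With a leeway of 30 seconds the 4-second skew is absorbed while the token dated an hour ahead is still rejected; with the exception commented out, both tokens would pass the time check.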