Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Google Client Invalid JWT: Token must be a short-lived token

Tags:

I am using Google's php api client. I am running through the quickstart guide for service accounts. I followed the steps perfectly (as far as I can tell). I am running into the following error:

{    "error": "invalid_grant",    "error_description": "Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems." }

From what I have read the most common problem with this error is if the system time is wrong. I have triple checked that my timezone and date and time are synced with the atomic clock. I used php set timezone function to set my timezone to match my computer, but I continue to get the error. I am looking into the other part of the message that mentions the iat and exp settings, and haven't gotten anywhere yet.

Does anyone have any ideas of how I can get past this?

like image 786
ajon Avatar asked Jan 02 '18 06:01

ajon

People also ask

How do I fix invalid JWT?

For Invalid JWT Signature, check if your service account key has expired. Go to your APIs & Services to add a new key if it has.

What does invalid JWT token mean?

Invalid JWT token due to the following reasons: JWT token doesn't contain nonce claim, sub claim. Subject identifier mismatch. Duplicate claim in idToken claims. Unexpected issuer.

1 Answers

Invalid_grant error has two common causes:

  1. Your server’s clock is not in sync with NTP.

    Solution: Check the server time. If it's incorrect, fix it.

  2. The refresh token limit has been exceeded.

    Solution: Nothing you can do - they can't have more refresh tokens in use.

    Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines. In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned.

    The limit for each unique pair of OAuth 2.0 client and is 50 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.

like image 80
DaImTo Avatar answered Sep 21 '22 09:09

DaImTo
Sign in to Comment

Related questions

Keycloak adaptor for golang application
Convert multiple columns to string in pandas dataframe
Vue js vee validate password confirmation always false
SQLAlchemy - Querying with DateTime columns to filter by month/day/year
smooth rounded corners in swift
Using backdrop on Android
ASP.NET Core: "The project doesn't know how to run the profile Docker." on Visual Studio 2017
How to identify which item in FormArray emitted valueChanges event?
React Typescript - Adding custom attribute
Rounded corners in swiftui list sections
Add global variable in Vue.js 3
Android Emulator 30.4.5 not working on MacOS

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!