I have been using JWT for the past month without any issues. But since yesterday, I have been getting the error below:
com.auth0.jwt.exceptions.InvalidClaimException: The Token can't be used before...
I understand there is a timestamp when generating the token and the token cannot be verified before that. The token is being verified on another server. But all this time, it was fine. Can someone advise?
Thanks,
Resolution. Ensure that the variable referenced in the <Source> element of the Decode JWT policy is defined, contains a valid (decodable) JWT and is available in the specific flow where the Decode JWT policy is being executed.
The client machine's time is not synced with the NTP server, which caused the JWT token to become invalid due to a token TTL timeout.
Tokens should be verified to decrease security risks if the token has been, for example, tampered with, misused, or has expired. JWT validation checks the structure, claims, and signature to assure the least amount of risk.
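If you are using auth0-spring-security-api then you can customize the leeway as follows:

    import com.auth0.jwk.JwkProvider;
    import com.auth0.jwk.JwkProviderBuilder;
    import com.auth0.spring.security.api.JwtAuthenticationProvider;
    import com.auth0.spring.security.api.JwtWebSecurityConfigurer;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Value(value = "${auth0.audience}")
        private String apiAudience;
        @Value(value = "${auth0.issuer}")
        private String issuer;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            final JwkProvider jwkProvider = new JwkProviderBuilder(issuer).build();
            JwtAuthenticationProvider jwtAuthenticationProvider = new JwtAuthenticationProvider(jwkProvider, issuer,
                    apiAudience);
            // Tolerate up to 3 seconds of clock skew when checking the token's time claims
            jwtAuthenticationProvider.withJwtVerifierLeeway(3);
            JwtWebSecurityConfigurer.forRS256(apiAudience, issuer, jwtAuthenticationProvider).configure(http)
                    .authorizeRequests().antMatchers("/**").authenticated();
        }
    }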
Perhaps try viewing your JWT token using https://jwt.io/ - can you ascertain whether it has expired? Take the exp value (likely epoch) and convert - https://www.epochconverter.com/
You have added very little info in the question to offer any further details. You could try (re-) authenticating with the IDP that issued you the JWT token last time, and check whether that resolves your issue too.
Based on your last comment, do the servers have any clock skew?
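The clock-skew failure and the leeway fix discussed in this thread can be reproduced locally with java-jwt (the `com.auth0.jwt` library from the stack trace). This is an added example, not code from any of the posts; it assumes java-jwt is on the classpath, and the HMAC secret, issuer name and 30-second skew are constructed for the demo.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.InvalidClaimException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Date;

public class NotBeforeSkewDemo {
    public static void main(String[] args) {
        // Constructed demo secret; a real verifier uses the issuer's key material.
        Algorithm alg = Algorithm.HMAC256("constructed-demo-secret");
        long now = System.currentTimeMillis();

        // Simulate an issuing server whose clock runs 30 s ahead of this verifier.
        long issuerNow = now + 30_000;
        String token = JWT.create()
                .withIssuer("demo-issuer")
                .withIssuedAt(new Date(issuerNow))
                .withNotBefore(new Date(issuerNow))
                .withExpiresAt(new Date(issuerNow + 300_000))
                .sign(alg);

        // Read the time claims locally (no signature check) and compare them
        // with this machine's clock to estimate the skew between the servers.
        DecodedJWT decoded = JWT.decode(token);
        long aheadSeconds = (decoded.getNotBefore().getTime() - now) / 1000;
        System.out.println("nbf = " + decoded.getNotBefore() + ", local clock = " + new Date(now));
        System.out.println("nbf is about " + aheadSeconds + " s ahead of the local clock");

        // A verifier with no leeway rejects the token: its nbf/iat are in the future.
        try {
            JWT.require(alg).withIssuer("demo-issuer").build().verify(token);
            System.out.println("strict verifier: accepted");
        } catch (InvalidClaimException e) {
            System.out.println("strict verifier: rejected: " + e.getMessage());
        }

        // A bounded leeway (in seconds) absorbs the skew; the signature and
        // issuer are still verified as before.
        DecodedJWT ok = JWT.require(alg).withIssuer("demo-issuer")
                .acceptLeeway(60)
                .build()
                .verify(token);
        System.out.println("60 s leeway: accepted, exp = " + ok.getExpiresAt());
    }
}
```

`acceptLeeway` widens the `exp` check by the same window, so an expired token stays acceptable that much longer; keep the value small and fix NTP sync on both servers. `acceptNotBefore` and `acceptIssuedAt` widen only those two checks.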