Cannot handle token prior to <timestamp>

shrinerp · June 12, 2019, 2:31pm

Using PHP, on my local dev environment, I use the Auth0 code (v5) to redirect and Authenticate. Once authenticated, I am redirected back to my starting page and I receive a Core Exception:

Fatal error: Uncaught Auth0\SDK\Exception\CoreException: Cannot handle token prior to 2019-06-12T13:22:16+0000 in /Users/paulshriner/Documents/Reach/AudienceOptimizer-UI/vendor/auth0/auth0-php/src/JWTVerifier.php:226
Stack trace:
#0 /Users/paulshriner/Documents/Reach/AudienceOptimizer-UI/vendor/auth0/auth0-php/src/Auth0.php(659): Auth0\SDK\JWTVerifier->verifyAndDecode(‘eyJ0eXAiOiJKV1Q…’)
#1 /Users/paulshriner/Documents/Reach/AudienceOptimizer-UI/vendor/auth0/auth0-php/src/Auth0.php(556): Auth0\SDK\Auth0->setIdToken(‘eyJ0eXAiOiJKV1Q…’)
#2 /Users/paulshriner/Documents/Reach/AudienceOptimizer-UI/vendor/auth0/auth0-php/src/Auth0.php(458): Auth0\SDK\Auth0->exchange()
#3 /Users/paulshriner/Documents/Reach/AudienceOptimizer-UI/EmailFiles.php(23): Auth0\SDK\Auth0->getUser()
#4 {main}
thrown in /Users/paulshriner/Documents/Reach/AudienceOptimizer-UI/vendor/auth0/auth0-php/src/JWTVerifier.php on line 226

This is new code, so it has not worked previously. The werid thing is the TimeStamp is returning UTC. My local machine is running in EST, so that could absolutely be the source of a TS-offset. I tried to adjust the Leeway setting to no avail.

Here is a copy of the code (values removed.) It is pretty vanilla:

use Auth0\SDK\Auth0;

$auth0 = new Auth0([
    'domain' => '',
    'client_id' => '',
    'client_secret' => '',
    'redirect_uri' => 'http://localhost:8888/AudienceOptimizer-UI/EmailFiles.php',
    'persist_id_token' => true,
    'persist_access_token' => true,
    'persist_refresh_token' => true
  ]);

  $userInfo = $auth0->getUser();

  if (!$userInfo) {
    $auth0->login();
} else {
    echo "YES->>>>>> " . $userInfo["user_id"];
}

shrinerp · June 12, 2019, 4:14pm

Mostly to document my journey, I thought I would update my post as I go with progress, for anyone attempting to help or for future readers facing the same problem.

I think that the problem is timestamp used to compare against the exp property from the payload response. In the JWT.php which originates that exception, there are two clues:

/**
     * Allow the current timestamp to be specified.
     * Useful for fixing a value within unit testing.
     *
     * Will default to PHP time() value if null.
     */
    public static $timestamp = null;

time() will always come back in UTC. Line 71, will let you set that value.

$timestamp = is_null(static::$timestamp) ? time() : static::$timestamp;

shrinerp · June 12, 2019, 7:01pm

Short Answer RTFM!

Long Answer:

/**

* You can add a leeway to account for when there is a clock skew times between

* the signing and verifying servers. It is recommended that this leeway should

* not be bigger than a few minutes.

*

* Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef

*/

JWT::$leeway = 60; // $leeway in seconds

Topic		Replies	Views
Cannot handle token prior to..in SSO implementation Help	1	3523	December 18, 2019
Help with leeway setting using Auth0-PHP Help jwt , php , auth0-php	10	7960	September 26, 2018
wp-Auth0 wordpress plugin - JWT token problems Help wordpress , jwt , plugin	4	4655	April 20, 2018
Really stuck on instantiating the Auth0 PHP SDK JWT.io sdk , auth0 , api , php	5	2773	June 8, 2023
The Token can't be used before Help	2	6266	September 3, 2019

Cannot handle token prior to <timestamp>

Related Topics