I just experienced an issue where a user could not log in. This is the stacktrace I found on the server:
com.auth0.jwt.exceptions.InvalidClaimException: The Token can’t be used before Tue Jan 15 15:10:31 PST 2019.
It seems the JWT token signed to me was several minutes in the future so it couldn’t be verified. After my computer’s time, which was correct, caught up with the token’s time, the login was allowed.
I don’t believe there’s anything I can really do on my side to prevent this. At best, I can catch the error and display an appropriate response.
Can anyone verify if this is the case?
Auth0, what are you doing to ensure there’s no clock skew on your servers issuing these tokens?