Expiration Time (exp) claim error in the ID token — larger time discrepancies

Hi,

I’ve looked at a similar topic here, and am curious if something else might be going on in our application.

Ours is a Vue app that encounters the error upon invoking handleRedirectCallback. We’ve seen about 11.4k errors like this (from a relatively small set of sessions i.e., the same session sends many of the same error) in the same span of time in which we saw 405k successful logins. Checking a couple of the errors, the time discrepancies range at least from 5 hours to 37 hours. I’m skeptical that a user’s machine might be off by 37 hours or more, and am wondering what might be going on here.

Example:

Error: Expiration Time (exp) claim error in the ID token; current time (Thu Jul 29 2021 18:46:38 GMT-0500 (Central Daylight Time)) is after expiration time (Wed Jul 28 2021 04:47:39 GMT-0500 (Central Daylight Time))

Thanks for the help!

Hi @adam.gipril,

Welcome to the Auth0 Community!

I think you have already identified the problem; you have a user/users who’s machine is off time. It is more likely a single user’s machine is off by 37 hours vs. the Auth0 auth server being skewed by that amount.

I think that may be the case after looking further. We have some errors being reported on July 31 at 1:55 PM MDT, but the “current time” the user’s machine reported was August 1 at 11 AM CDT. After seeing that the “current time” value is calculated with new Date(Date.now()) (see here for anyone coming to this later), that must be the issue.

Thanks for looking into it!

No problem! Glad you got it sorted. Thanks for posting a follow up