Expiration Time (exp) claim error in the ID token

niks · June 23, 2021, 10:42pm

Hi,

I have a react app that uses auth0.authorize() [auth0-js library] for user login.

Some of the users are unable to login & the error logs are as follows:

Expiration Time (exp) claim error in the ID token; current time "Wed Jun 16 2021 09:05:36 GMT+0000 (Coordinated Universal Time)" is after expiration time "Wed Jun 16 2021 08:10:49 GMT+0000 (Coordinated Universal Time)"

The difference is about an hour. The user actual login request timestamp is 2021-06-16T08:04:50.200Z.

The user has tried doing login from different VPN endpoints from different locations, but is still seeing the same issue.

Is there any way where we need to enforce a particular timezone (UTC)? Only a handful of end-users are seeing this issue so far.

Any pointers will be highly appreciated.

konrad.sopala · July 1, 2021, 8:28am

The issue here was specific to user’s local machine time. It was not synced with the world clock & hence it was 1 hour ahead of the actual time. This was causing the JWT to be considered as expired. We asked the user to check the time on the local machine on this website: https://time.is and it was clearly showing the difference in there.

Issue got resolved when the user synced their machine clocks with the OS time settings (eg: Apple clock auto set).