Help with leeway setting using Auth0-PHP

nicolas_sabena · August 27, 2018, 4:18pm

Hi Scott. Try setting the leeway for the jwt-php package, as instructed here:

Exception: Cannot handle token prior to [timestamp]

opened 03:59AM - 15 Jan 16 UTC

closed 06:36PM - 24 Jan 16 UTC

As I mentioned [in this issue](https://github.com/firebase/php-jwt/issues/73#iss…uecomment-171865921) (over in PHP-JWT), I'm getting this exception triggered a lot when calling `$auth0->getUser()`. It first happened on my development machine and now on my web host: ``` Cannot handle token prior to 2016-01-15T14:44:28+1100 ``` It appears to occur when the server's clock is a few seconds behind Auth0's. I resynced my local dev machine's clock and the message went away. I can't do that on a shared web hosting server though. :-( My thoughts are that the time check should not be so strict that it requires an up-to-the-second time-synchronization. Simon.

It seems that the php-jwt library uses the “iat” (issued at) claim to validate when the token is valid from. There’s a bit of a controversy around this, as many feel that the “nbf” (not before) claim should be used for that validation (if present), and treat “iat” as merely informative. In any case, setting the leeway should work as a valid workaround.

Topic		Replies	Views
Cannot handle token prior to <timestamp> Get Help login	3	8222	April 23, 2020
Cannot handle token prior to..in SSO implementation Get Help	1	3540	December 18, 2019
Authsdkerror the jwt token issued in the future Get Help	8	10076	September 30, 2021
JwtAuth configuration Get Help	2	3351	July 26, 2019
Really stuck on instantiating the Auth0 PHP SDK JWT.io sdk , auth0 , api , php	5	2885	June 8, 2023

Help with leeway setting using Auth0-PHP

Related topics