Problem statement
We want to know if the Auth0 server time is synchronized.
Cause
The JWT token’s issue time iat is based on the server time. Although most of the time it’s the your application server out-of-sync. We may need a method to check if our servers are synchronized.
Solution
- The Auth0 server has a
/testendpoint that returns the current time of the Auth0 server.
Please note it is not a public endpoint, and it is supposed to be used for testing purposes only.
-
On a machine which time is synchronized (e.g. an AWS EC2 instance), compare the local time and the Auth0 server time.
-
Here are the test steps:
- launch an AWS EC2 instance, use
timedatectl statuscommand to check its time synchronization status (timedatectl(1) - Linux manual page) - use
date -u +"%s%3N"command to get the local time (before) - use
curlcommand to get Auth0 server time in your private cloud environment - use
date -u +"%s%3N"command to get the local time again (after)
Note: thedate -u +"%s%3N"command and the Auth0/testendpoint give the timestamp in milliseconds since 1970-01-01T00:00:00Z
- Assuming the time spent on both ways (to and from Auth0 server) are the same, the Auth0 server timestamp should be in the middle of the before and after timestamps.