We are using a single page Node.js application in Auth0 and the authentication flow is working fine from our current location (Dublin, Ireland) but we have one of our customer who is located in India and trying to access our application is getting the following error
“id_token was issued in the future (invalid iat)”
when the user is trying to login… From our analysis we think this is happening because of the time zone difference but not exactly sure about it and what will be the fix for this issue.
This is less likely a time zone issue, and more likely a clock skew. The most obvious answer is to have their clock set correctly (this could be as easy as restarting the machine or updating their software).
There is another way to address clock skew. You can pass a leeway parameter when you request the token. This will allow for some skew between the auth server and the client.
Here is the doc for passing leeway as a param to the auth0-spa-js SDK.