I have a react app that is using the auth0 spa for user login.
Some of my users are receiving an error that prevents them from logging in.
Uncaught (in promise) Error: Issued At (iat) claim error in the ID token; current time is before issued at time
The time difference is about 5 seconds.
I believe the users are on a network that is using a proxy server, which might be causing the time difference.
Does the validation happen on the local machine? If so, there might be a time difference from the proxy server and the client machine.
Is there a way to allow some âroomâ between the times to allow for this error? For example: a 10 second allowance between the times?
edit: I can see there is a leeway option to allow for slight time differences but the error message I have doesnât match with the error messages I have found in auth0-spa-js.
leeway is used to account for the clock skew of JWT expiration, not the Issued At (iat) time.
The most probable reason of this error is the userâs machine is out of sync of time. You could check it by comparing the local time on the userâs machine with a time source on internet, such as https://www.timeanddate.com/
If there is an out of sync, the user needs to adjust their local machineâs time or configure NTP on their machine to sync time.
I have seen this issue on two different machines (that are on the network with the proxy) which is why I initially thought it may be correlated to the proxy server.
I would doubt that both machines are out of sync, do you have any other thoughts that would cause this issue?
@nmck I had this issue happen to me yesterday. Looking at when you raised this issue I was certain it was an issue out of our control however, the users machine was indeed a minute slow. Which exceeded the leeway.
Hi
If the reason is that the client machine is out of sync, what should I tell my end users?
That they need to sync their clock in order to authenticate?
Is that reasonable given that some of them arenât IT guys? and the internet is a new thing for themâŠ
Facing the same problem here, in my home connection (no proxies). Iâm from Brazil and my colleagues in Netherlands didnât notice that problem⊠my machine (windows 10) time has automatically date and time sync
âIssued At (iat) claim error in the ID token; current time âThu Jan 09 2020 17:44:37 GMT+0000 (Greenwich Mean Time)â is before issued at time âThu Jan 09 2020 17:44:38 GMT+0000 (Greenwich Mean Time)ââ
@Guangjie Asking users to adjust their time because their clock is 1 second off is not reasonable. Is there a way to provide leeway-like option for iat time?
I am having multiple users getting this issue, often for a several second discrepancy. Is there any solution to this? Asking each user to sync their clock for a time that shows correct down to the minute is simply not a realistic solution