Hey there,
I have seen the discussions here Token used before issued problem! (Time sync?!) and here AccessToken is not (yet) valid - #3 by dan.woda where it has been suggested that the bug could have been a clock skew issue. While it seems to have solved one and not the latter (assumption for this one), it hasn’t solved my problem.
In our SPA where we use react and the @auth0/auth0-react npm library we did add a leeway of 120s (the default seems to be 60s) but we still see the issue where attempting to do any actions on the UI leading to the retrieval of some oauth protected data constantly returns a 401 until approx 20sec of trying it all of a sudden returns the data.
It feels like it’s a clock skew issue indeed, but the leeway does not seem to have any impact. This is how I have added the leeway:
ReactDOM.render(
<Provider store={store}>
<Auth0Provider
domain={process.env.DOMAIN as string}
clientId={process.env.CLIENT_ID as string}
redirectUri={window.location.href}
audience={process.env.JWT_AUD}
scope={process.env.JWT_SCOPES}
useRefreshTokens
leeway={120}
>
<Router>
<Route path='/index.html'>
<App />
</Route>
</Router>
</Auth0Provider>
</Provider>,
document.getElementById('root'),
);
Help and/or ideas are appreciated.