Installed “Login by Auth0” v3.5.2 and configured application in Auth0 following instructions from: Configure Login by Auth0
At each sign-up attempt using any external IdP (have tried: Facebook, Twitter, BitBucket) I get one of this in my log:
[19-Apr-2018 15:08:31 UTC] Cannot handle token prior to (iat) 2018-04-19T15:16:46+0000
Can someone tell me what I am doing wrong? And/or how to fix this?
Merging in from:
https://github.com/auth0/wp-auth0/issues/438
I haven’t seen this before but the comment for that error in the JWT library we use says:
// Check that this token has been created before 'now'. This prevents
// using tokens that have been created for later use (and haven't
// correctly used the nbf claim). Small leeway for clock skew.
So, the problem is either the time provided by the token or the time it’s being compared to (time set on your server, returned by time()). The latter seems more likely since a faulty issued at time there would indicate a huge problem on our end.
If you look at the time in the error message there, that time should be reasonable as it comes from the token. Generate that error again and see if that time is reasonable (meaning that it’s basically “right now” in UTC). Then check your server time:
echo date(DateTime::ISO8601, time());
If I do that and compare to the iat provided by the token, they’re the same, which should be the case. The JWT library adds a leeway of 15 seconds to account for system differences in time.
Give that a shot and let me know what you see.
Bingo! This was indeed the problem. I had a cron job running ntpdate but had not properly configured my firewall to allow traffic on port 123. So there was > 5 minutes of clock drift. Clock synced => fixed + resolved! Thanks.
Thanks for checking back in with the fix!