Merging in from:
I haven’t seen this before but the comment for that error in the JWT library we use says:
// Check that this token has been created before 'now'. This prevents
// using tokens that have been created for later use (and haven't
// correctly used the nbf claim). Small leeway for clock skew.
So, the problem is either the time provided by the token or the time it’s being compared to (time set on your server, returned by
time()). The latter seems more likely since a faulty issued at time there would indicate a huge problem on our end.
If you look at the time in the error message there, that time should be reasonable as it comes from the token. Generate that error again and see if that time is reasonable (meaning that it’s basically “right now” in UTC). Then check your server time:
echo date(DateTime::ISO8601, time());
If I do that and compare to the iat provided by the token, they’re the same, which should be the case. The JWT library adds a leeway of 15 seconds to account for system differences in time.
Give that a shot and let me know what you see.