Login/Register
Token must be a short-lived token and in a reasonable timeframe
Asked Answered
Solved phpgoogle-apigoogle-api-php-client
U

10

70

I am having the same error as this. In my case it is happening when the app is trying to upload a file via Google Cloud Client API.

POST https://www.googleapis.com/oauth2/v4/token
400 Bad Request
Invalid JWT: Token must be a short-lived token and in a reasonable timeframe

How I load the token is reading a service-account json file, and attach it to CURLOPT_HTTPHEADER in PHP. It did work properly for the past one month, so I am guessing that Google changed the way of authorization.

Has anyone faced & solved this?

Unarmed answered 23/3, 2016 at 22:6 Comment(4)
I didn't do anything but it's solved. Anyone have thoughts?Unarmed
Here is my answer enter link description hereSucculent
@MichaelMishKisilenko apparently the unsynchronized internal clock causes. Thank you for sharing yours!Unarmed
This is mainly time related issue on your client mostly.I have this issue on my android emulator.Its time was incorrectly set as per timezone.Cortese
G
129

I stumbled upon the same issue at roughly the same time, so I expected a generic bug of Google but here is what had happened on my computer :

raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT: Token must be a short-lived token and in a reasonable timeframe

was caused in my case by a poor synchronisation of the computer's clock where the code was executed that had a lag of 5 minutes (due to a faulty battery for the internal clock). It started working again when I manually changed the internal time of my computer to the correct one.

This solution was mentionned here, but not with the full error message

Gorblimey answered 24/3, 2016 at 13:58 Comment(5)
It is possibly the answer, because I have seen my server's clock is not in sync sometimes. I appreciate thatUnarmed
This appears to be the solution. Specifically, the Docker container I'm using has a busted clock even though my system clock is fine.Forefend
had the exact same problem here. My computer's clock was 5 minutes out of sync. Thanks for the answerEradicate
I was receiving this when I run unit tests and forgot that I also patch the time (yes, I have mock, but I was testing it without mock to check credentials)Cornew
That solved it for me. My computer's clock was off by a few hours. Readjusted it and the error went away.Blastoderm
B
23

I had the same issue, I found that my server was delayed by 8 minutes. I configurated the NTP server and magically it was solved

Battue answered 4/5, 2016 at 21:46 Comment(4)
just running ntpdate ntp.ubuntu.com worked for me, thanks!Diglot
So this keeps on happening how can I make sure that the server time is matched up all the time? I keep on getting the same error...Ewart
after I tried everything, I found your answer, and it worked for me!Sloatman
@SergioGonzalez running sudo ntpdate ntp.ubuntu.com is the real answer.Statehood
A
8

Same problem encountered....manually reset my computer's clock to the current time....problem resolved.

Acierate answered 7/11, 2016 at 15:26 Comment(2)
I was facing that issue with Xcode, but after reseting the time, my project run successfully.Algebra
This has already been statedYoruba
R
7

For those getting that error for a containerized app and ending up here,

I had the same issue when using my token from a containerized app. Rebooting Docker Desktop (Windows) did it for me.

I had this setup for weeks before getting that issue for the first time.

Rozina answered 3/1, 2020 at 21:17 Comment(2)
ya. me too. probably because Im hibernating my machine. So its eventually confusing dockerImmunoreaction
same here with containerized .net core app.Shannan
B
3

For those using vagrant, ssh into your box and run sudo service ntp stop && sudo ntpd -gq && sudo service ntp

Bacchius answered 18/6, 2020 at 6:21 Comment(0)
C
3

I had this problem when using Windows Subsystem for Linux (WSL). All my WSL images were running with date set in the past, https://github.com/microsoft/WSL/issues/4245 suggests that its a problem when Windows resumes from sleep.

I fixed by restarting WSL, wsl --shutdown

Calmas answered 22/11, 2020 at 17:22 Comment(0)
A
2

I was stumped on this for hours. I even posted this question. Turns out I had overlooked something that should have been somewhat obvious. My dev server is a Linux virtual machine. The clock on my VM was 8 days behind my local system clock. So while my local clock was correct, I overlooked the fact that my VM was several days delayed. Hopefully, this can save the absent-minded some time.

Avogadro answered 2/1, 2018 at 10:20 Comment(0)
L
2

I had a similar problem when trying to reach the google cloud big query API. Adjusting my system clock and allowing windows 10 to automatically set the time and time zone solved the problem.

Lilt answered 16/6, 2018 at 9:5 Comment(1)
This has already been statedYoruba
M
1

I had the similar problem and my job was keep failing with below error:

  File "/usr/local/lib/python2.7/site-packages/google/oauth2/_client.py", line 59, in _handle_error_response
    error_details, response_body)
google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems.', u'{\n  "error" : "invalid_grant",\n  "error_description" : "Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems."\n}')
2018-05-1713:01:01:  API CALL iOS intra day: module failed.

The actual root cause was the system time was out of sync with the server. I have refreshed the ntp server which synced the time and the problem was resolved.

Monohydric answered 17/5, 2018 at 22:43 Comment(0)
J
0

It sounds obvious, but ensure the expiry exp is after the issued at time iat.

Jeweljeweler answered 13/8, 2019 at 13:34 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.