Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

error: client_assertion token has an expiration too far into the future #382

Open
gabrielsroka opened this issue Dec 15, 2023 · 1 comment

Comments

@gabrielsroka
Copy link
Contributor

Okta node sdk sets expiration for 5 minutes:
https://github.com/okta/okta-sdk-nodejs/blob/895d48c9bf4e2e1d0d2fadcf0a84cc550e301851/src/jwt.js#L72-L84

whereas Python uses 60 minutes:

okta-sdk-python/okta/jwt.py

Lines 114 to 122 in 700c5f1

expiry_time = issued_time + JWT.ONE_HOUR
# generate unique JWT ID
generated_JWT_ID = str(uuid.uuid4())
# Create claims for token and create token
claims = {
'sub': client_id,
'iat': issued_time,
'exp': expiry_time,

i frequently get

okta-sdk-python - http_client - ERROR - {'message': "HTTP 401 {'error': 'invalid_client', 'error_description': 
'The client_assertion token has an expiration too far into the future.'}"}

errors on Python, but never on node. i set my clock using time.windows.com, but it's usually 1 sec fast

@gabrielsroka
Copy link
Contributor Author

one hacky workaround is to modify the variable:

okta.jwt.JWT.ONE_HOUR -= 5 # allow 5 seconds of clock skew

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant