JWT Time Threshold Issue

  • Resolved jjepsilon

    (@jjepsilon)


    6 years, 5 months ago

    Hello,

    My company recently had an issue occur where our server clock lapsed due to a power cycle and we lost the ability to login to WordPress via Auth0. Although I was able to correct our server clock, we still had issues logging in.

    We received the error ‘Invalid ID token (used too early)’ (and after I traced the error to file: /auth0/lib/php-jwt/Authentication/JWT.php, the error occurring was: ‘Cannot handle token prior to (iat)’).

    I was able to fix this issue by increasing the number of seconds “15” to “60” in the following if statement on line 89 of JWT.php: (if ( isset( $payload->iat ) && $payload->iat > time() + 15 ))

    Changing 15 seconds to 60 seconds fixed our issue because the time threshold allowance was corrected, however this fix will be wiped the next time we update the plugin.

    Would it be possible to add some sort of feature to the plugin where we could alter the time allowance threshold without having to hard-code it?

    Please let me know.

    Thanks!

    JJ

    • This topic was modified 6 years, 5 months ago by jjepsilon.
    • This topic was modified 6 years, 5 months ago by jjepsilon.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘JWT Time Threshold Issue’ is closed to new replies.