Token must be a short-lived token and in a reasonable timeframe

PhpGoogle ApiGoogle Api-Php-Client

Php Problem Overview


I am having the same error as this. In my case it is happening when the app is trying to upload a file via Google Cloud Client API.

POST https://www.googleapis.com/oauth2/v4/token
400 Bad Request
Invalid JWT: Token must be a short-lived token and in a reasonable timeframe

How I load the token is reading a service-account json file, and attach it to CURLOPT_HTTPHEADER in PHP. It did work properly for the past one month, so I am guessing that Google changed the way of authorization.

Has anyone faced & solved this?

Php Solutions


Solution 1 - Php

I stumbled upon the same issue at roughly the same time, so I expected a generic bug of Google but here is what had happened on my computer :

raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT: Token must be a short-lived token and in a reasonable timeframe

was caused in my case by a poor synchronisation of the computer's clock where the code was executed that had a lag of 5 minutes (due to a faulty battery for the internal clock). It started working again when I manually changed the internal time of my computer to the correct one.

This solution was mentionned here, but not with the full error message

Solution 2 - Php

I had the same issue, I found that my server was delayed by 8 minutes. I configurated the NTP server and magically it was solved

Solution 3 - Php

For those getting that error for a containerized app and ending up here,

I had the same issue when using my token from a containerized app. Rebooting Docker Desktop (Windows) did it for me.

I had this setup for weeks before getting that issue for the first time.

Solution 4 - Php

Same problem encountered....manually reset my computer's clock to the current time....problem resolved.

Solution 5 - Php

For those using vagrant, ssh into your box and run sudo service ntp stop && sudo ntpd -gq && sudo service ntp

Solution 6 - Php

I was stumped on this for hours. I even posted this question. Turns out I had overlooked something that should have been somewhat obvious. My dev server is a Linux virtual machine. The clock on my VM was 8 days behind my local system clock. So while my local clock was correct, I overlooked the fact that my VM was several days delayed. Hopefully, this can save the absent-minded some time.

Solution 7 - Php

I had the similar problem and my job was keep failing with below error:

  File "/usr/local/lib/python2.7/site-packages/google/oauth2/_client.py", line 59, in _handle_error_response
    error_details, response_body)
google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems.', u'{\n  "error" : "invalid_grant",\n  "error_description" : "Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems."\n}')
2018-05-1713:01:01:  API CALL iOS intra day: module failed.

The actual root cause was the system time was out of sync with the server. I have refreshed the ntp server which synced the time and the problem was resolved.

Solution 8 - Php

I had a similar problem when trying to reach the google cloud big query API. Adjusting my system clock and allowing windows 10 to automatically set the time and time zone solved the problem.

Solution 9 - Php

I had this problem when using Windows Subsystem for Linux (WSL). All my WSL images were running with date set in the past, https://github.com/microsoft/WSL/issues/4245 suggests that its a problem when Windows resumes from sleep.

I fixed by restarting WSL, wsl --shutdown

Solution 10 - Php

It sounds obvious, but ensure the expiry exp is after the issued at time iat.

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionwataruView Question on Stackoverflow
Solution 1 - PhpWNGView Answer on Stackoverflow
Solution 2 - PhpEddy LópezView Answer on Stackoverflow
Solution 3 - PhpDaveView Answer on Stackoverflow
Solution 4 - PhpGurdeep SinghView Answer on Stackoverflow
Solution 5 - PhpErinView Answer on Stackoverflow
Solution 6 - PhpajonView Answer on Stackoverflow
Solution 7 - PhpjagathView Answer on Stackoverflow
Solution 8 - PhpDon OndejeView Answer on Stackoverflow
Solution 9 - PhpjamietView Answer on Stackoverflow
Solution 10 - PhpMark TicknerView Answer on Stackoverflow