-
Notifications
You must be signed in to change notification settings - Fork 683
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NBF tolerances are too tight for JWT #1439
Comments
We noticed a similar problem and increased the JWT leeway to 10 seconds. We merged the fixed for the Ruby API gem yesterday. This will be included in the next release of the gem. |
@nelsonwittwer This gem currently has its own JWT handling and does not use the shopify_api gem..... Are you guys updating the logic in here to use the shopify api gem? Otherwise my PR #1440 is still necessary. lib/shopify_app/session/jwt.rb |
Description
My computers clock was running 1 second ahead and that was enough to trigger NBF signature issues with the JWT code.
There should be atleast some tolerance in the NBF settings when decoding the JWT, e.g.
I'm running the normal Apple NTP settings, so this can happen to regular users.
The text was updated successfully, but these errors were encountered: