Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uncaught ImmatureSignatureError: The token is not yet valid (iat) #307

Open
corneliusroemer opened this issue Sep 1, 2023 · 3 comments
Open

Uncaught ImmatureSignatureError: The token is not yet valid (iat) #307

corneliusroemer opened this issue Sep 1, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@corneliusroemer
Copy link
Member

Current Behavior

When I run nextstrain login I get an uncaught error nextstrain.cli.aws.cognito.TokenError: ImmatureSignatureError: The token is not yet valid (iat)

Expected behavior

Error is caught and wrapped into something useful for the enduser

How to reproduce

  1. Screw up your local system time
  2. Try nextstrain login

Example stack trace:

$ nextstrain login
Logging into Nextstrain.org…

Username: XXXXXX
Password: 

Traceback (most recent call last):
  File "nextstrain.cli.aws.cognito", line 249, in _verify_token
  File "jwt.api_jwt", line 210, in decode
  File "jwt.api_jwt", line 162, in decode_complete
  File "jwt.api_jwt", line 242, in _validate_claims
  File "jwt.api_jwt", line 278, in _validate_iat
jwt.exceptions.ImmatureSignatureError: The token is not yet valid (iat)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "runpy", line 196, in _run_module_as_main
  File "runpy", line 86, in _run_code
  File "nextstrain.cli.__main__", line 55, in <module>
  File "nextstrain.cli.__main__", line 19, in main
  File "nextstrain.cli", line 36, in run
  File "nextstrain.cli.command.login", line 103, in run
  File "nextstrain.cli.authn", line 69, in login
  File "nextstrain.cli.aws.cognito", line 167, in authenticate
  File "nextstrain.cli.aws.cognito", line 232, in verify_tokens
  File "nextstrain.cli.aws.cognito", line 261, in _verify_token
nextstrain.cli.aws.cognito.TokenError: ImmatureSignatureError: The token is not yet valid (iat)

Your environment: if running Nextstrain locally

  • Operating system: macOS 13.5.1, ARM
  • Version (e.g. auspice 2.7.0): nextstrain cli 7.2.0

Additional context

Fix: I ran sudo sntp -sS time.apple.com to sync my clock and that fixed things. My time was apparently 2 seconds off.

+2.158983 +/- 0.022257 time.apple.com 17.253.14.123

Further discussion in these two blab slack threads:
@corneliusroemer corneliusroemer added the bug Something isn't working label Sep 1, 2023
@corneliusroemer
Copy link
Member Author

Maybe relevant: jpadilla/pyjwt#814

@corneliusroemer
Copy link
Member Author

Maybe we could increase the leeway for clock skew? In my case it appears to have been "just" 2 seconds. Not sure whether the we can increase leeway though. https://pyjwt.readthedocs.io/en/latest/usage.html#not-before-time-claim-nbf

@tsibley
Copy link
Member

tsibley commented Sep 1, 2023

It would certainly be friendlier in these cases to catch ImmatureSignatureError and issue a nice error message with suggestions of how to fix. And maybe adding some more leeway for clock skew.

@tsibley tsibley changed the title Uncaught error: nextstrain.cli.aws.cognito.TokenError: ImmatureSignatureError: The token is not yet valid (iat) Uncaught ImmatureSignatureError: The token is not yet valid (iat) Sep 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
No open projects
Nextstrain planning (archived)
Status: New
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tsibley @corneliusroemer