Description
- OS: Various
- Python version: 3.9.7/3.10.0
google-authversion: 2.3.0
I'm the author of Advanced GAM: https://github.com/taers232c/GAMADV-XTD3
Changes in V2.1.0. Improve handling of clock skew (#858) (45c4491)
now cause the following error on a sporadic but annoying basis.
Previously, there was a clock skew allowance of 10 seconds. now it's 0.
File "init.py", line 3904, in _getValueFromOAuth
File "google\oauth2\id_token.py", line 144, in verify_oauth2_token
File "google\oauth2\id_token.py", line 124, in verify_token
File "google\auth\jwt.py", line 278, in decode
File "google\auth\jwt.py", line 195, in _verify_iat_and_exp
ValueError: Token used too early, 1634244631 < 1634244632. Check that your computer's clock is set correctly.
Chain of calls
google\oauth2\id_token.py
def verify_oauth2_token(id_token, request, audience=None):
...
idinfo = verify_token(
id_token, request, audience=audience, certs_url=_GOOGLE_OAUTH2_CERTS_URL
)
def verify_token(id_token, request, audience=None, certs_url=_GOOGLE_OAUTH2_CERTS_URL):
...
return jwt.decode(id_token, certs=certs, audience=audience)
google\auth\jwt.py
def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds=0):
...
_verify_iat_and_exp(payload, clock_skew_in_seconds)
def _verify_iat_and_exp(payload, clock_skew_in_seconds=0):
Unfortunately, verify_oauth2_token and verify_token don't have a clock_skew_in_seconds parameter
so I can't get the old behavior back.
Thanks,
Ross