By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Occasional 'The Token can't be used before...' error after Cognito authentication

0

We are authenticating with AWS Cognito and using the resultant AccessToken for access to our Java API, which is using the Auth0 jwt library. We are occasionally seeing this error:

InvalidClaimException: The Token can't be used before <x>...

Where x is in the future, according to both our alerting software and our Slack instance where alerts are additionally sent to.

We've added an 'acceptLeeway' of 30seconds, which reduced the occurrences but we're still occasionally seeing errors - x is now always 30 seconds in the future.

Beyond increasing the leeway further, any thoughts?

Topics
MicroservicesSecurity, Identity, & Compliance
Tags
MicroservicesAmazon Cognito User Pools
Language
English
tom
asked 2 years ago1051 views
1 Answer
0

Hello Tom,

Greetings from AWS !

The error indicates that, your application where the token is being used has not reached the time when the token is issued. To sync your application server's time with Amazon, please refer to document [1].

Further, I have found a relevant third-party Github repo issue [2] which may be helpful for you in this scenario. Please note that third-party resources are shared on best effort basis and AWS will not be able to vouch for the accuracy of the content being provided. Kindly ensure to test in your development environment before using in production.

--References--

[1] https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-time-sync-service/

[2] https://github.com/auth0/java-jwt/issues/467

AWS
SUPPORT ENGINEER
Tarit_G
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content