RPError: JWT not active yet, now 1579073794, nbf 1579073795

[hanselke]

SDK you're using (please complete the following information):

• Version 4.02

Describe the bug
When you try to authenticate, it fails after callback with error in title.

This is due to the system setting a nbf (not before) timestamp to accept the calling of
await xero.setAccessTokenFromRedirectUri(url);

To Reproduce
in xero-node-oauth2-app, just try to authenticate. it happens sometimes
Expected behavior
it should work all the time

Screenshots

Additional context
i've fixed it in my own app by adding a timeout before doing anything with the callback, but it seems like it's ALWAYS 1 ms lower then nbf whenever it causes an error. maybe make the nbf slightly earlier?

[SerKnight]

Hey @hanselke - this should be fixed in 4.1.0 due to some refactors in the XeroClient.ts file, where the clock tolerance is setup: https://github.com/XeroAPI/xero-node/blob/master/src/xeroClient.ts#L40

If still dealing with this after updating - feel free to re-open if issue persists.

[vj-varinder]

Hey @SerKnight I am facing the same issue.

• Using SDK Version 4.1.7

I am running https://github.com/XeroAPI/xero-node-oauth2-app while authenticating I am getting the below mentioned error

[edwardsph]

I was getting the same issue on 4.10.3 but upgrading to 4.11.2 hasn't helped. Seems like there is still an issue.

[devinrhode2]

Hey @hanselke - this should be fixed in 4.1.0 due to some refactors in the XeroClient.ts file, where the clock tolerance is setup: https://github.com/XeroAPI/xero-node/blob/master/src/xeroClient.ts#L40

Here's updated url: https://github.com/XeroAPI/xero-node/blob/4.1.0/src/xeroClient.ts#L40

[devinrhode2]

Turns out, we had this issue with a different oauth implementation, but, it turned out, that the issue is because one developer's clock was off by 2.4 MINUTES (144 seconds).

If you go to time.gov, here's what you don't want to see:

Here's what you do want to see (very small offset):

As long as your servers have relatively accurate time, you shouldn't have this problem.
In theory you can increase clock tolerance to accommodate more inaccurate clocks.

[venus1344]

hello @devinrhode2

I'm just experiencing a similar issue while testing the oauth2-app (xero-node: 4.27.1). I don't quite understand the clock tolerance you're referring to on your solution above. May you shed more light on this?

Thanks

[devinrhode2]

I think ultimately you should just go to time.gov and try to tune your clock

[datluong255]

I've come across the same situation and I just added clockTolerance >= Your clock is off by: then it worked (xero-node: 4.32.0)