Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle JWT errors due to out-of-sync system time #146

Closed
gr2m opened this issue Aug 11, 2020 · 2 comments · Fixed by #164
Closed

Handle JWT errors due to out-of-sync system time #146

gr2m opened this issue Aug 11, 2020 · 2 comments · Fixed by #164
Assignees
@copperwall
Labels
Type: Feature New feature or request

Comments

@gr2m
Copy link
Contributor

gr2m commented Aug 11, 2020
edited
Loading

There are two errors we have to handle

  1. The calculated expiration time is in the past

    'Expiration time' claim ('exp') must be a numeric value representing the future time at which the assertion expires

  2. The issued at time is in the future

    'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued

I would catch errors in auth.hook and look for the exp or iat in the error message. If either exists, log a warning, then read out error.headers.date to get GitHub's API time, store the difference to the current system time, and use that difference moving forward when calculating more JWTs.

It can be implemented in a similar way as @octokit/auth-basics built-in request error handling:
https://github.com/octokit/auth-basic.js/blob/68dd4638631c57994be455ee7cfca7c8f0c2de8c/src/request-with-2fa.ts

If anyone would like to give this a shot, PRs welcome. I think it's a fun thing to work on. I'll need to implement this myself eventually, but it's not time critical yet
@gr2m gr2m mentioned this issue Aug 11, 2020
Closed
7 tasks
@gr2m gr2m changed the title Log system time and GitHub time in case of an "'Expiration time' claim ('exp') must be a numeric value representing the future time at which the assertion expires" error Handle JWT errors due to out-of-sync system time Aug 11, 2020
@gr2m gr2m added Type: Feature New feature or request help wanted labels Aug 11, 2020
@copperwall
Copy link
Member

I'd love to work on this!

@gr2m
Copy link
Contributor Author

gr2m commented Aug 11, 2020

Great :) Let me know if you have any questions!

@copperwall copperwall mentioned this issue Sep 2, 2020
Merged
@gr2m gr2m mentioned this issue Sep 7, 2020
Closed
@copperwall copperwall mentioned this issue Sep 7, 2020
Merged
@gr2m gr2m closed this as completed in #164 Sep 15, 2020
@ashunikam4 ashunikam4 mentioned this issue Oct 27, 2021
Closed
@ossycodes ossycodes mentioned this issue Jan 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@copperwall copperwall

Labels
Type: Feature New feature or request
Projects
None yet
Milestone
No milestone
2 participants
@gr2m @copperwall