You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using Wordpress Version 4.7.3, trying to install the official Auth0 plugin on it for the first time.
My problem was that I could not login as an Auth0 user on my WP site, even though Auth0 showed no errors in the log. I've traced the problem to the php-jwt library, which rejected decoding the id token because of bad nbf & iat values. The timestamps in the token were a few seconds ahead of my server's time, so the "current time must be after NBF" check failed.
The official JWT specs say that this check is optional, and suggest providing a leeway of a couple of minutes to account for clock skew. I fixed my problem by adding a leeway of 120 seconds (the actual difference was around 2 seconds in my case).
I am using Wordpress Version 4.7.3, trying to install the official Auth0 plugin on it for the first time.
My problem was that I could not login as an Auth0 user on my WP site, even though Auth0 showed no errors in the log. I've traced the problem to the php-jwt library, which rejected decoding the id token because of bad nbf & iat values. The timestamps in the token were a few seconds ahead of my server's time, so the "current time must be after NBF" check failed.
The official JWT specs say that this check is optional, and suggest providing a leeway of a couple of minutes to account for clock skew. I fixed my problem by adding a leeway of 120 seconds (the actual difference was around 2 seconds in my case).
Specification: https://tools.ietf.org/html/rfc7519#section-4.1.5
Currently used version of php-jwt in this plugin is outdated, but the up-to-date one has a $leeway property specifically for this case.
Please patch the plugin by updating the included php-jwt library and setting the $leeway value to a reasonable value.
The text was updated successfully, but these errors were encountered: