Copilot Lvl 2
Message 1 of 2

"'Expiration time' claim ('exp') is too far in the future" when creating an access token

In my web server for my GitHub App, I have middleware that creates an access token whenever I receive a GitHub event. It appears in my logs that I'm creating three access tokens, with the given JWTs:

JWTClaimsSet {iss = Just 25370, sub = Nothing, aud = Nothing, exp = Just (NumericDate 1552338875), nbf = Nothing, iat = Just (NumericDate 1552338275), jti = Nothing, unregisteredClaims = ClaimsMap {unClaimsMap = fromList []}}
JWTClaimsSet {iss = Just 25370, sub = Nothing, aud = Nothing, exp = Just (NumericDate 1552338877), nbf = Nothing, iat = Just (NumericDate 1552338277), jti = Nothing, unregisteredClaims = ClaimsMap {unClaimsMap = fromList []}}
JWTClaimsSet {iss = Just 25370, sub = Nothing, aud = Nothing, exp = Just (NumericDate 1552338877), nbf = Nothing, iat = Just (NumericDate 1552338277), jti = Nothing, unregisteredClaims = ClaimsMap {unClaimsMap = fromList []}}

where each JWT expires 10 minutes after that moment in time.

On the last one, I get an error:

'Expiration time' claim ('exp') is too far in the future

It may have something to do with the fact that the last JWT has the same iat/exp values as the second JWT, but I'm not sure.

1 Reply
Copilot Lvl 2
Message 2 of 2

Re: "'Expiration time' claim ('exp') is too far in the future" when creating an access tok

Okay so the documentation isn't very clear, but maybe this section on authenticating with JWT is implying that the 'exp' can be at most 10 minutes later than the 'iat'?

If this is the case, then I think that

1. The documentation needs to be more clear that 10 minutes is the maximum time hardcoded into the GitHub server (I've been misinterpreting that section to mean "in this example, 10 minutes is the maximum amount of time this token will be available for")

2. The GitHub server should be lenient within a few seconds, because I think I was getting rounding errors when creating a token at "00:00:00.8", setting the expiration for "00:10:00.8", and both of them rounding up when casting to an integer, creating an exp 10 minutes and 1 second into the future.
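
The rounding scenario the reply suspects, as an added example that is not part of the original thread and is not GitHub's code. It assumes the 10-minute ceiling the reply hypothesizes; `server_accepts` is a hypothetical model of the server-side check, `margin_s` is an illustrative headroom value, and the timestamp is constructed so that rounding reproduces the `iat`/`exp` pair in the logged claims.

```python
"""Model of the exp rounding problem described in the reply (constructed example)."""

MAX_LIFETIME_S = 600  # assumption: the 10-minute ceiling the reply hypothesizes


def claims_rounded(now_ms: int, app_id: int) -> dict:
    """Round iat and exp independently to the nearest second, as the reply describes."""
    iat = (now_ms + 500) // 1000
    exp = (now_ms + MAX_LIFETIME_S * 1000 + 500) // 1000
    return {"iss": app_id, "iat": iat, "exp": exp}


def claims_floored(now_ms: int, app_id: int, margin_s: int = 30) -> dict:
    """Truncate the clock once, then derive exp from iat with headroom for skew."""
    iat = now_ms // 1000
    return {"iss": app_id, "iat": iat, "exp": iat + MAX_LIFETIME_S - margin_s}


def server_accepts(claims: dict, server_now_ms: int) -> bool:
    """Hypothetical check: exp may be at most MAX_LIFETIME_S ahead of the server clock."""
    return claims["exp"] * 1000 - server_now_ms <= MAX_LIFETIME_S * 1000


if __name__ == "__main__":
    app_id = 25370            # iss value shown in the logged claims
    now_ms = 1552338276800    # constructed: a clock reading with a .8 s fraction

    bad = claims_rounded(now_ms, app_id)
    good = claims_floored(now_ms, app_id)

    # Rounding up pushes exp 600.2 s past the real clock, over the ceiling.
    print(bad, "accepted:", server_accepts(bad, now_ms))
    # Flooring once and leaving a margin keeps exp inside the window.
    print(good, "accepted:", server_accepts(good, now_ms))
```
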