Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft Graph that is secured using the Microsoft identity platform
MIT License

RuntimeError: 0. The ID token is not yet valid id_token was: #56

Closed dazzag24 closed 3 years ago

dazzag24 commented 3 years ago

Hi,

The example was working perfectly about 10 days ago. However, when running it today I cannot get past this error. I have tried logging out and in again. I also tried running in a private browser session. I'm using the app_config.py mode rather than the b2c one.

Is there some cache somewhere I need to clear either server side or in the browser?

Any hints on what the cause is and how I can fix it?

Many thanks

127.0.0.1 - - [18/Nov/2020 20:21:11] "GET /login HTTP/1.1" 200 -
[2020-11-18 20:21:32,613] ERROR in app: Exception on /getAToken [GET]
Traceback (most recent call last):
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/darreng/code/satavia/ms-identity-python-webapp/app.py", line 47, in authorized
    redirect_uri=url_for("authorized", _external=True))
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/application.py", line 455, in acquire_token_by_authorization_code
    **kwargs)
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/oauth2cli/oidc.py", line 120, in obtain_token_by_authorization_code
    code, **kwargs)
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/oauth2cli/oauth2.py", line 428, in obtain_token_by_authorization_code
    return self._obtain_token("authorization_code", data=data, **kwargs)
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/oauth2cli/oidc.py", line 89, in _obtain_token
    ret = super(Client, self)._obtain_token(grant_type, *args, **kwargs)
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/oauth2cli/oauth2.py", line 491, in _obtain_token
    "response": _resp, "params": params, "data": _data,
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/application.py", line 299, in <lambda>
    event, environment=authority.instance)),
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/token_cache.py", line 290, in add
    super(SerializableTokenCache, self).add(event, **kwargs)
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/token_cache.py", line 113, in add
    return self.__add(event, now=now)
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/token_cache.py", line 138, in __add
    if id_token else {})
  File "/home/darreng/.local/share/virtualenvs/ms-identity-python-webapp-8iKtPtka/lib/python3.6/site-packages/msal/oauth2cli/oidc.py", line 69, in decode_id_token
    err, json.dumps(decoded, indent=2)))
RuntimeError: 0. The ID token is not yet valid id_token was: {
  "aud": "<REDACTED>",
  "iss": "https://login.microsoftonline.com/<REDACTED>/v2.0",
  "iat": <REDACTED>,
  "nbf": <REDACTED>,
  "exp": <REDACTED>,
  "name": "<REDACTED>",
  "oid": "<REDACTED>",
  "preferred_username": "<REDACTED>",
  "rh": "0.<REDACTED>.",
  "sub": "<REDACTED>",
  "tid": "<REDACTED>",
  "uti": "<REDACTED>",
  "ver": "2.0"
}

rayluo commented 3 years ago

This web app sample is powered by the MSAL authentication library, which automatically performs ID token validation for you. The error you saw, "The ID token is not yet valid id_token was: ...", indicated that the incoming ID token came from a time newer than your machine's current time. This is mostly caused by your current machine's clock being far behind the actual time. Can you check that first?
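
The time check behind this error, as an added example that is not part of the thread and not MSAL's own code: it decodes a token's payload for diagnostics only (no signature verification) and compares `nbf`/`exp` with the local clock to estimate how far the clock has drifted. The function names, the `skew` parameter and the sample token are assumptions constructed for illustration, and the drift estimate assumes the issuer sets `nbf` no later than its own issue time.

```python
import base64
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string; the signature is a placeholder."""
    header = _b64url(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature"


def unverified_claims(id_token: str) -> dict:
    """Decode the payload only. No signature check: diagnostics, not authentication."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose_time_claims(claims: dict, now: float = None, skew: int = 0) -> dict:
    """Classify nbf/exp against the local clock; skew is tolerated drift in seconds."""
    now = time.time() if now is None else now
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if nbf is not None and now + skew < nbf:
        # The token already exists, so the local clock lags the issuer's
        # clock by at least nbf - now seconds.
        return {"status": "not_yet_valid", "local_clock_behind_s": int(nbf - now)}
    if exp is not None and now - skew >= exp:
        return {"status": "expired", "seconds_past_exp": int(now - exp)}
    return {"status": "ok"}


# Constructed sample values: issuer clock reads ISSUER_TIME, token lives one hour.
ISSUER_TIME = 1605731000
SAMPLE = make_sample_token(
    {"iat": ISSUER_TIME, "nbf": ISSUER_TIME, "exp": ISSUER_TIME + 3600})

if __name__ == "__main__":
    claims = unverified_claims(SAMPLE)
    # Local clock 10 minutes slow: reproduces the "not yet valid" condition.
    print(diagnose_time_claims(claims, now=ISSUER_TIME - 600))
    # Local clock in sync: the same token passes.
    print(diagnose_time_claims(claims, now=ISSUER_TIME + 2))
    # 90 s slow with a 120 s tolerance passes; tolerance widens the validity window.
    print(diagnose_time_claims(claims, now=ISSUER_TIME - 90, skew=120))
```

A large `local_clock_behind_s` points at the host clock (NTP or VM time sync) rather than at the token; raising `skew` only widens the window in which a token is accepted.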

rayluo commented 3 years ago

Closing due to inactivity. Feel free to reopen if you still encounter the same issue.