NabuCasa / pycognito

Python library for using AWS Cognito. With support for SRP.
Apache License 2.0

Exception: pycognito.exceptions.TokenVerificationException: Your 'access_token' token could not be verified (The token is not yet valid (iat)). #225

Closed Scotchy49 closed 1 month ago

Scotchy49 commented 3 months ago

Today I kept receiving the following exception:

  File ".venv/lib/python3.10/site-packages/pycognito/__init__.py", line 496, in authenticate
    self._set_tokens(tokens)
  File ".venv/lib/python3.10/site-packages/pycognito/__init__.py", line 768, in _set_tokens
    self.verify_token(
  File ".venv/lib/python3.10/site-packages/pycognito/__init__.py", line 267, in verify_token
    raise TokenVerificationException(
pycognito.exceptions.TokenVerificationException: Your 'access_token' token could not be verified (The token is not yet valid (iat)).

After investigating, it appears to be some time synchronization issue.

The default time leeway for PyJWT is 0, which was too short for me.

My fix was to pass the parameter leeway to the jwt_api.jwt.decode_complete call (__init__.py line 255 as of today).

A better fix would be to pass that parameter somewhere in the chain. Either in the constructor or the authenticate method call.

mmixtegaupgrade commented 3 months ago

Found the same issue and also fixed it the same way. I think the proposed solution is nice as well 🚀

magico13 commented 2 months ago

This issue is cropping up quite often for users of my Emporia Energy Home Assistant integration since updating the pycognito version in use (https://github.com/magico13/ha-emporia-vue/issues/260). For most, an NTP sync helps, but prior to the change to PyJWT this never came up. The ability to easily increase the leeway, or remove the iat check entirely, would be appreciated.
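
The clock-skew failure discussed in this thread, as an added example that is not part of the original issue and is not pycognito's or PyJWT's code: a standard-library model of the time-claim comparison, showing why a client clock a few seconds behind the issuer is rejected at leeway 0 and that the same leeway also extends how long an expired token is accepted. The key, timestamps, HS256 signing and all function names are constructed for the demonstration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample secret; HS256 only to stay self-contained

class TokenNotYetValid(Exception): pass
class TokenExpired(Exception): pass

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key=KEY):
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64(json.dumps(header).encode()) + "." + b64(json.dumps(claims).encode())
    return signing_input + "." + b64(sign(signing_input, key))

def verify(token, now, leeway=0, key=KEY):
    """Check the signature first, then the time claims with `leeway` seconds of tolerance."""
    signing_input, _, signature = token.rpartition(".")
    if not hmac.compare_digest(sign(signing_input, key), unb64(signature)):
        raise ValueError("bad signature")
    claims = json.loads(unb64(signing_input.split(".")[1]))
    if "iat" in claims and claims["iat"] > now + leeway:   # issued "in the future"
        raise TokenNotYetValid("The token is not yet valid (iat)")
    if "exp" in claims and claims["exp"] <= now - leeway:  # leeway also delays expiry
        raise TokenExpired("Signature has expired")
    return claims

def outcome(token, now, leeway):
    try:
        verify(token, now, leeway)
        return "accepted"
    except (TokenNotYetValid, TokenExpired) as exc:
        return type(exc).__name__

# Constructed scenario: the issuer stamps iat from its own clock; the client runs 3 s behind.
ISSUED = 1_700_000_000
TOKEN = make_token({"iat": ISSUED, "exp": ISSUED + 3600})

if __name__ == "__main__":
    print(outcome(TOKEN, ISSUED - 3, leeway=0))      # client behind, no tolerance
    print(outcome(TOKEN, ISSUED - 3, leeway=10))     # small tolerance absorbs the skew
    print(outcome(TOKEN, ISSUED + 3605, leeway=10))  # same tolerance keeps an expired token alive
    print(outcome(TOKEN, ISSUED + 3605, leeway=0))
```

Because the tolerance applies to both ends of the validity window, a leeway sized to cover ordinary NTP drift (seconds) is preferable to a large value or to dropping the check.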