Closed tolgap closed 2 years ago
@tolgap Hi tolgap,
I am also experiencing this. I have not confirmed that my timing is off. How did you debug the jwt token in that createShopifyAuth section?
Have you managed to fix this?
Hey @Tigatok, @tolgap - you could set a tolerance when verifying the JWT:
clockTolerance: number of seconds to tolerate when checking the nbf and exp claims, to deal with small clock differences among different servers
@bkspace Thanks for the response. I guess, with the server.json that the base projects get you started with, I am trying to understand where the JWT get's verified.
Also having this issue in development, following build-a-shopify-app-with-node-and-react tutorial.
package.json details:
"dependencies": {
"@shopify/app-bridge-react": "^2.0.3",
"@shopify/app-bridge-utils": "^2.0.3",
"@shopify/koa-shopify-auth": "^4.1.3",
"@shopify/polaris": "^6.5.0",
"apollo-boost": "^0.4.9",
"dotenv": "^10.0.0",
"graphql": "^15.5.1",
"isomorphic-fetch": "^3.0.0",
"koa": "^2.13.1",
"koa-router": "^8.0.8",
"next": "^11.0.1",
"react": "^17.0.2",
"react-apollo": "^3.1.5",
"react-dom": "^17.0.2",
"store-js": "^2.0.4",
"webpack": "^4.46.0"
}
I had the same issue with nbf
. My server request is made before the jwt
token active. And I end up with error: Failed to parse session token <token>: jwt not active
.
I solve this problem by manually setting sync my windows 10 times with time.windows.com. I'm wondering if this issue related to time so merchants can face this too with their environments.
This is solved for me since https://github.com/Shopify/shopify-node-api/issues/207 landed in @shopify/shopify-api@2.0.0
Describe the bug
When my Mac OS X 11.3.1 Big Sur machine is close to a new minute on my system clock, I notice strange behavior:
Error: Failed to parse session token <token>: jwt not active
This error is happening consistently on my local development environment. When debugging the JWT parsing that is provided by
@shopify/koa-shopify-auth
, I notice the following behavior:I have added the
now
property to the JWT myself. As you can see, thenbf
value of my token is in the future of my development machine:This seems to mostly happen, when my machine is 3 seconds close to a new minute. So for instance: between
13:30:57
and13:30:59
, I will run into this issue.Contextual information
Packages and versions
List the relevant packages you’re using, and their versions. For example:
"@apollo/client": "^3.3.15"
"@shopify/app-bridge-react": "^2.0.2"
"@shopify/app-bridge-utils": "^2.0.2"
"@shopify/koa-shopify-auth": "^4.1.3"
"koa-session": "^6.2.0"
"koa": "^2.13.1"
Platform
Additional context
Next.js app, using Koa. The default
Shopify/shopify-app-node
setup fromshopify create
.I noticed some others running into this: