How much clock drift is accepted between Verification Server and Key Server?
e2e-runner is intermittently failing with error messages like "token is not valid yet" and "token used before issued". This seems to indicate a clock sync issue between MVS and NKS. How much tolerance is built into these checks?
Full errors here in case I'm misinterpreting them:
error uploading teks: POST https://prod.exposurenotification.health/v1/publish - 401: error response from API: unable to validate diagnosis verification: token is not valid yet, err: %!w(<nil>), body: {"error":"unable to validate diagnosis verification: token is not valid yet","code":"health_authority_verification_certificate_invalid"
error uploading teks: POST https://prod.exposurenotification.health/v1/publish - 401: error response from API: unable to validate diagnosis verification: Token used before issued, err: %!w(<nil>), body: {"error":"unable to validate diagnosis verification: Token used before issued","code":"health_authority_verification_certificate_invalid"
Question
How much clock drift is accepted between Verification Server and Key Server?
e2e-runner is intermittently failing with error messages like "token is not valid yet" and "token used before issued". This seems to indicate a clock sync issue between MVS and NKS. How much tolerance is built into these checks?
Full errors here in case I'm misinterpreting them:
error uploading teks: POST https://prod.exposurenotification.health/v1/publish - 401: error response from API: unable to validate diagnosis verification: token is not valid yet, err: %!w(<nil>), body: {"error":"unable to validate diagnosis verification: token is not valid yet","code":"health_authority_verification_certificate_invalid"
error uploading teks: POST https://prod.exposurenotification.health/v1/publish - 401: error response from API: unable to validate diagnosis verification: Token used before issued, err: %!w(<nil>), body: {"error":"unable to validate diagnosis verification: Token used before issued","code":"health_authority_verification_certificate_invalid"