It seems like the API servers usually allow JWTs that are up to a few minutes expired so it's easy to not run into the issue when using the library briefly, but I think there's some clock skew between the API servers so this doesn't always work, and that's before factoring in the client machine's potential clock skew.
Ideally the JWT would be set to expire in ten minutes from the present time, and also that the code that checks if the JWT is still fresh would refresh the JWT if it was going to expire within five minutes.
I'm currently working around this issue by specifying new AppStoreConnectAPI({ ..., expirationTime: Date.now() / 1000 + 10 * 60 }), though this is relying on the behavior of a bug (https://github.com/isaced/appstore-connect-sdk/issues/14).
I found that requests made by this library would fail sometimes with a 401 error, and discovered that this happens because the authentication JWTs it generates are set to expire immediately: https://github.com/isaced/appstore-connect-sdk/blob/3a75e4cf0fe582548ac79ac457b95d09aa774301/src/auth.ts#L30
It seems like the API servers usually allow JWTs that are up to a few minutes expired so it's easy to not run into the issue when using the library briefly, but I think there's some clock skew between the API servers so this doesn't always work, and that's before factoring in the client machine's potential clock skew.
Ideally the JWT would be set to expire in ten minutes from the present time, and also that the code that checks if the JWT is still fresh would refresh the JWT if it was going to expire within five minutes.
I'm currently working around this issue by specifying
new AppStoreConnectAPI({ ..., expirationTime: Date.now() / 1000 + 10 * 60 }), though this is relying on the behavior of a bug (https://github.com/isaced/appstore-connect-sdk/issues/14).