netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Error when validating JWT claims: Error parsing token: Token is not valid yet #1942

Open WhyAydan opened 5 months ago

WhyAydan commented 5 months ago

Describe the problem

When setting up via Zitadel v2.46.7, I am unable to log in straight away, as the console says the following.

Error when validating JWT claims: Error parsing token: Token is not valid yet

To Reproduce

Steps to reproduce the behavior: Grab the latest version of Zitadel and try to set up the connector.

Expected behavior

Login without issues

Are you using NetBird Cloud?

Self-hosted

NetBird version

v2.3.0

Additional context

caddy-1       | {"level":"debug","ts":1715106416.1974788,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"management:80","duration":0.18388418,"request":{"remote_ip":"REDACTED","remote_port":"62111","client_ip":"REDACTED","proto":"HTTP/2.0","method":"GET","host":"REDACTED","uri":"/api/users","headers":{"Sec-Ch-Ua":["\"Not-A.Brand\";v=\"99\", \"Chromium\";v=\"124\""],"Authorization":[],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["empty"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"X-Forwarded-Proto":["https"],"Accept":["application/json"],"Referer":["https://REDACTED/peers"],"Priority":["u=1, i"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Cookie":[],"X-Forwarded-For":["REDACTED"],"X-Forwarded-Host":["REDACTED"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Mobile":["?0"],"Content-Type":["application/json"],"Sec-Fetch-Mode":["cors"],"Dnt":["1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"REDACTED"}},"headers":{"Date":["Tue, 07 May 2024 18:26:56 GMT"],"Content-Length":["39"],"Content-Type":["application/json; charset=UTF-8"],"Vary":["Origin"]},"status":401}
caddy-1       | {"level":"debug","ts":1715106416.72139,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"management:80","total_upstreams":1}
management-1  | 2024-05-07T18:26:56Z ERRO management/server/jwtclaims/jwtValidator.go:160: error parsing token: Token is not valid yet
management-1  | 2024-05-07T18:26:56Z ERRO management/server/http/middleware/auth_middleware.go:88: Error when validating JWT claims: Error parsing token: Token is not valid yet
management-1  | 2024-05-07T18:26:56Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
management-1  | 2024-05-07T18:26:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3537426485: GET /api/users status 401

management-1  | 2024-05-07T18:27:37Z WARN management/server/account.go:1245: user 266096520175157251 not found in IDP
management-1  | 2024-05-07T18:27:37Z INFO management/server/account.go:1411: cache invalid. Users unknown to the cache: 1
management-1  | 2024-05-07T18:27:37Z INFO management/server/account.go:1372: refreshing cache for account cot70csrfpec73emggs0

It is entirely possible that I'm the issue but who knows.

mlsmaycon commented 5 months ago

@WhyAydan, this error, Token is not valid yet, usually happens when there is a time sync issue with the Zitadel or NetBird service.

Can you double-check the time in both services and your own workstation to confirm it? If so, you can check some steps from https://askubuntu.com/questions/254826/how-to-force-a-clock-update-using-ntp to update your server's time. Once that is done you can restart the affected service.
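
To measure the skew described in the comment above, this added example (not NetBird's or Zitadel's code, and not part of the original thread) decodes a token's `iat`/`nbf`/`exp` claims and reports how far ahead of the validating host's clock they are. `ParseTimeClaims`, `CheckTimeClaims` and `SampleToken` are hypothetical names, and the token and clock values are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// TimeClaims are the RFC 7519 NumericDate claims: seconds since the Unix epoch (UTC).
type TimeClaims struct {
	Iat *float64 `json:"iat"`
	Nbf *float64 `json:"nbf"`
	Exp *float64 `json:"exp"`
}

// ParseTimeClaims decodes the payload segment WITHOUT verifying the signature.
// Diagnostic use only: never base an access decision on its output.
func ParseTimeClaims(token string) (TimeClaims, error) {
	var c TimeClaims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("expected 3 dot-separated segments, got %d", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, fmt.Errorf("payload is not base64url: %w", err)
	}
	return c, json.Unmarshal(payload, &c)
}

// CheckTimeClaims compares the claims with the local clock `now`, tolerating
// `leeway` of skew; ahead is how far nbf/iat lies in the future of `now`.
func CheckTimeClaims(c TimeClaims, now time.Time, leeway time.Duration) (verdict string, ahead time.Duration) {
	at := func(v *float64) time.Time { return time.Unix(int64(*v), 0) }
	for _, v := range []*float64{c.Nbf, c.Iat} {
		if v != nil && at(v).Sub(now) > ahead {
			ahead = at(v).Sub(now)
		}
	}
	switch {
	case ahead > leeway:
		return "not valid yet", ahead
	case c.Exp != nil && !now.Before(at(c.Exp).Add(leeway)):
		return "expired", ahead
	}
	return "valid", ahead
}

// SampleToken builds a constructed token with a placeholder signature (not a real credential).
func SampleToken(issued time.Time, ttl time.Duration) string {
	enc := base64.RawURLEncoding.EncodeToString
	payload := fmt.Sprintf(`{"sub":"sample-user","iat":%d,"nbf":%d,"exp":%d}`, issued.Unix(), issued.Unix(), issued.Add(ttl).Unix())
	return enc([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc([]byte(payload)) + ".constructed"
}

func main() {
	idpNow := time.Date(2024, 5, 7, 18, 26, 56, 0, time.UTC) // constructed: IdP clock at issuance
	c, _ := ParseTimeClaims(SampleToken(idpNow, time.Hour))
	slow := idpNow.Add(-90 * time.Second)                // validating host's clock runs 90s behind
	fmt.Println(CheckTimeClaims(c, slow, 0))             // not valid yet 1m30s
	fmt.Println(CheckTimeClaims(c, slow, 2*time.Minute)) // valid 1m30s
}
```

Because the claims are epoch seconds, the verdict depends on the host's actual clock and not on its configured time zone.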

WhyAydan commented 5 months ago

@mlsmaycon I shall give it a go. What method do you use for Docker? It's been a while since I time synced them, but I recall it being something like this?

volumes:
 - /etc/localtime:/etc/localtime:ro

UPDATE:

Mounted the volume and set the env for all containers to be TZ=Europe/London

WhyAydan commented 5 months ago

That's been resolved, but now the logs are getting the following

management-1  | 2024-05-07T19:18:15Z INFO management/server/account.go:1411: cache invalid. Users unknown to the cache: 1
management-1  | 2024-05-07T19:18:15Z INFO management/server/account.go:1372: refreshing cache for account cot70csrfpec73emggs0
management-1  | 2024-05-07T19:18:15Z WARN management/server/account.go:1245: user 266096520175157251 not found in IDP

mlsmaycon commented 5 months ago

@WhyAydan regarding the time, usually synchronizing the host's time is enough.

The error means that there is no user in Zitadel with the same ID, 266096520175157251. Is this a fresh installation?

WhyAydan commented 5 months ago

Hello, Zitadel isn't a fresh install, no. However, NetBird is :)

iamspido commented 3 months ago

Any news on that? I have set up my Zitadel freshly along with a freshly installed NetBird installation and get tons of warnings, and the loading of the NetBird UI is extremely slow (25 seconds to load the peers):


management-1  | 2024-07-26T23:28:20Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:20Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:20Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:21Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:21Z INFO [requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, context: HTTP] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:21Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:21Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:21Z WARN [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:21Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:21Z INFO [accountID: , userID: 277328874407788559, context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:21Z INFO [userID: 277328874407788559, context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a, accountID: ] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:22Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:22Z INFO [accountID: , userID: 277328874407788559, context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:22Z INFO [context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:22Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:22Z WARN [context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:23Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:23Z INFO [context: HTTP, requestID: b3501788-5573-43c1-b582-04cda2bf9480, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:23Z INFO [context: HTTP, requestID: b3501788-5573-43c1-b582-04cda2bf9480, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:23Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:23Z INFO [context: HTTP, requestID: b3501788-5573-43c1-b582-04cda2bf9480, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:23Z INFO [context: HTTP, requestID: b3501788-5573-43c1-b582-04cda2bf9480, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:23Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:23Z WARN [context: HTTP, requestID: b3501788-5573-43c1-b582-04cda2bf9480, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:24Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:24Z INFO [userID: 277328874407788559, context: HTTP, requestID: b9e2a12d-1c3a-40b2-ac55-248686814556, accountID: ] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:24Z INFO [userID: 277328874407788559, context: HTTP, requestID: b9e2a12d-1c3a-40b2-ac55-248686814556, accountID: ] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:24Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:24Z INFO [requestID: b9e2a12d-1c3a-40b2-ac55-248686814556, accountID: , userID: 277328874407788559, context: HTTP] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:24Z INFO [accountID: , userID: 277328874407788559, context: HTTP, requestID: b9e2a12d-1c3a-40b2-ac55-248686814556] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:25Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:25Z WARN [context: HTTP, requestID: b9e2a12d-1c3a-40b2-ac55-248686814556, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:25Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:25Z INFO [userID: 277328874407788559, context: HTTP, requestID: e8f42aaf-56fd-48af-b396-5040eb23fb2c, accountID: ] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:25Z INFO [context: HTTP, requestID: e8f42aaf-56fd-48af-b396-5040eb23fb2c, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:25Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:25Z INFO [context: HTTP, requestID: e8f42aaf-56fd-48af-b396-5040eb23fb2c, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:25Z INFO [userID: 277328874407788559, context: HTTP, requestID: e8f42aaf-56fd-48af-b396-5040eb23fb2c, accountID: ] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:26Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:26Z WARN [context: HTTP, requestID: e8f42aaf-56fd-48af-b396-5040eb23fb2c, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:26Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:26Z INFO [userID: 277328874407788559, context: HTTP, requestID: b40ef1c9-ebc8-4db1-8098-a7f56fb2c1ff, accountID: ] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:26Z INFO [context: HTTP, requestID: b40ef1c9-ebc8-4db1-8098-a7f56fb2c1ff, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:26Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:26Z INFO [accountID: , userID: 277328874407788559, context: HTTP, requestID: b40ef1c9-ebc8-4db1-8098-a7f56fb2c1ff] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:27Z INFO [context: HTTP, requestID: b40ef1c9-ebc8-4db1-8098-a7f56fb2c1ff, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:27Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:27Z WARN [context: HTTP, requestID: b40ef1c9-ebc8-4db1-8098-a7f56fb2c1ff, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:27Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:27Z INFO [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:27Z INFO [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:28Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:28Z INFO [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:28Z INFO [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:28Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:28Z WARN [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:28Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:28Z INFO [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:28Z INFO [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:29Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:29Z INFO [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:29Z INFO [userID: 277328874407788559, context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: ] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:29Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:29Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:29Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:29Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:29Z WARN [context: HTTP, requestID: 6556163a-460d-491c-800a-90ef9029b418, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:29Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:30Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:30Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:30Z WARN [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:30Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:30Z INFO [accountID: , userID: 277328874407788559, context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:30Z INFO [accountID: , userID: 277328874407788559, context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:30Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:30Z INFO [requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a, accountID: , userID: 277328874407788559, context: HTTP] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:31Z INFO [context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:31Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:31Z WARN [context: HTTP, requestID: 0ad7a559-07d7-49c1-a267-f0fdb351600a, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:31Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:31Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:31Z INFO [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:32Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:32Z INFO [requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559, context: HTTP] management/server/account.go:1431: cache invalid. Users unknown to the cache: 1
management-1  | 2024-07-26T23:28:32Z INFO [requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559, context: HTTP] management/server/account.go:1392: refreshing cache for account cqhh3e82ft7s73fano30
management-1  | 2024-07-26T23:28:32Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP
management-1  | 2024-07-26T23:28:32Z WARN [context: HTTP, requestID: 0cac0d1a-5a53-4c14-8088-25990ff3a6ce, accountID: , userID: 277328874407788559] management/server/account.go:1399: cache for account cqhh3e82ft7s73fano30 reached maximum refresh attempts (2)
management-1  | 2024-07-26T23:28:33Z WARN management/server/account.go:1265: user 277328874407788559 not found in IDP

My setup: Zitadel v2.56.1 with Postgres 16 Alpine, latest NetBird (v0.28.7), reverse proxy Traefik (3.1). All are in Docker containers.