Search code examples
angularjwtgoogle-signin

JWT token not yet valid

I've got a google sign in button in my angular web app. After a successful sign in, I store the user profile and id-token. The id-token is set in each request header I send to my custom api.

I'm currently getting 2 issues with the code below:

onGoogleSignInSuccess(event: GoogleSignInSuccess) {
var profile = event.googleUser.getBasicProfile();
var id_token = event.googleUser.getAuthResponse().id_token;

// store google user data in local storage
localStorage.setItem('googleUserProfile', JSON.stringify(profile));
localStorage.setItem('googleIdToken', JSON.stringify(id_token));

// check user's email address exist in Felix
this.userService.getUserByEmail(profile.getEmail()).subscribe(InUser => {
  this.globalService.setCurrentUser(InUser);
  this.router.navigate(['companylist']);
}, error => {
  this.errorLoggingIn = true;
  this.errorCode = error.status;
  console.log('error logging in: ' + JSON.stringify(error));
});
}
  1. Most times, my API will throw a 'JWT not yet valid' error when attempting to validate the id-token with google. It seems to work once every 4 attempts.
  2. and it's not hitting ngOnInit when navigating to 'companyList'

However, when I use the npm module sngular5-social-auth and implement the following code:

public socialSignIn(socialPlatform: string) {
let socialPlatformProvider;
socialPlatformProvider = GoogleLoginProvider.PROVIDER_ID;

this.socialAuthService.signIn(socialPlatformProvider).then(
  (userData) => {
    console.log(socialPlatform + " sign in data : ", userData);
    // store google user data in local storage
    localStorage.setItem('currentGoogleUserData', JSON.stringify(userData));

    this.userService.getUserByEmail(userData.email).subscribe(InUser => {
      this.globalService.setCurrentUser(InUser);
      this.router.navigate(['companylist']);
    }, error => {
      this.errorLoggingIn = true;
      this.errorCode = error.status;
      console.log('error logging in: ' + JSON.stringify(error));
    });
  }
);
}

all seems to work fine. I don't get the JWT not yet valid error and my company list page loads fine with data.

I've decided to go with option 1 because I get the default google sign in button.

any ideas what the difference between the 2 codes could be?

Solution

  • The problem is that your server time is different from Google server time. And when you validate received token from google it might be that token will be valid in 1 or n seconds. That's why you get an error JWT not yet valid

    To fix it you can synchronize time of your server with google server time. Google doc how to do this is https://developers.google.com/time/