问题
I am having the same error as this. In my case it is happening when the app is trying to upload a file via Google Cloud Client API.
POST https://www.googleapis.com/oauth2/v4/token
400 Bad Request
Invalid JWT: Token must be a short-lived token and in a reasonable timeframe
How I load the token is reading a service-account json file, and attach it to CURLOPT_HTTPHEADER in PHP. It did work properly for the past one month, so I am guessing that Google changed the way of authorization.
Has anyone faced & solved this?
回答1:
I stumbled upon the same issue at roughly the same time, so I expected a generic bug of Google but here is what had happened on my computer :
raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT: Token must be a short-lived token and in a reasonable timeframe
was caused in my case by a poor synchronisation of the computer's clock where the code was executed that had a lag of 5 minutes (due to a faulty battery for the internal clock). It started working again when I manually changed the internal time of my computer to the correct one.
This solution was mentionned here, but not with the full error message
回答2:
I had the same issue, I found that my server was delayed by 8 minutes. I configurated the NTP server and magically it was solved
回答3:
Same problem encountered....manually reset my computer's clock to the current time....problem resolved.
回答4:
I was stumped on this for hours. I even posted this question. Turns out I had overlooked something that should have been somewhat obvious. My dev server is a Linux virtual machine. The clock on my VM was 8 days behind my local system clock. So while my local clock was correct, I overlooked the fact that my VM was several days delayed. Hopefully, this can save the absent-minded some time.
回答5:
I had a similar problem when trying to reach the google cloud big query API. Adjusting my system clock and allowing windows 10 to automatically set the time and time zone solved the problem.
回答6:
I got this error because I had changed my Mac's clock, but not the timezone. Fixed it after I reverted the clock time, and changed the timezone to the timezone I'm currently in.
回答7:
I had the similar problem and my job was keep failing with below error:
File "/usr/local/lib/python2.7/site-packages/google/oauth2/_client.py", line 59, in _handle_error_response
error_details, response_body)
google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems.', u'{\n "error" : "invalid_grant",\n "error_description" : "Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems."\n}')
2018-05-1713:01:01: API CALL iOS intra day: module failed.
The actual root cause was the system time was out of sync with the server. I have refreshed the ntp server which synced the time and the problem was resolved.
回答8:
It sounds obvious, but ensure the expiry exp is after the issued at time iat.
来源:https://stackoverflow.com/questions/36189612/token-must-be-a-short-lived-token-and-in-a-reasonable-timeframe