Error when validating JWT claims: Error parsing token: Token is not valid yet #1942

Open
WhyAydan opened this issue May 7, 2024 · 5 comments


@WhyAydan

WhyAydan commented May 7, 2024

Describe the problem

When setting up via Zitadel v2.46.7 I am unable to log in straight away, as the console says the following.

Error when validating JWT claims: Error parsing token: Token is not valid yet

To Reproduce

Steps to reproduce the behavior:
Grab the latest version of Zitadel and try to set up the connector.

Expected behavior

Log in without issues

Are you using NetBird Cloud?

Self-hosted

NetBird version

v2.3.0

Additional context

caddy-1       | {"level":"debug","ts":1715106416.1974788,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"management:80","duration":0.18388418,"request":{"remote_ip":"REDACTED","remote_port":"62111","client_ip":"REDACTED","proto":"HTTP/2.0","method":"GET","host":"REDACTED","uri":"/api/users","headers":{"Sec-Ch-Ua":["\"Not-A.Brand\";v=\"99\", \"Chromium\";v=\"124\""],"Authorization":[],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["empty"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"X-Forwarded-Proto":["https"],"Accept":["application/json"],"Referer":["https://REDACTED/peers"],"Priority":["u=1, i"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Cookie":[],"X-Forwarded-For":["REDACTED"],"X-Forwarded-Host":["REDACTED"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Mobile":["?0"],"Content-Type":["application/json"],"Sec-Fetch-Mode":["cors"],"Dnt":["1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"REDACTED"}},"headers":{"Date":["Tue, 07 May 2024 18:26:56 GMT"],"Content-Length":["39"],"Content-Type":["application/json; charset=UTF-8"],"Vary":["Origin"]},"status":401}
caddy-1       | {"level":"debug","ts":1715106416.72139,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"management:80","total_upstreams":1}
management-1  | 2024-05-07T18:26:56Z ERRO management/server/jwtclaims/jwtValidator.go:160: error parsing token: Token is not valid yet
management-1  | 2024-05-07T18:26:56Z ERRO management/server/http/middleware/auth_middleware.go:88: Error when validating JWT claims: Error parsing token: Token is not valid yet
management-1  | 2024-05-07T18:26:56Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
management-1  | 2024-05-07T18:26:56Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 3537426485: GET /api/users status 401

management-1  | 2024-05-07T18:27:37Z WARN management/server/account.go:1245: user 266096520175157251 not found in IDP
management-1  | 2024-05-07T18:27:37Z INFO management/server/account.go:1411: cache invalid. Users unknown to the cache: 1
management-1  | 2024-05-07T18:27:37Z INFO management/server/account.go:1372: refreshing cache for account cot70csrfpec73emggs0

It is entirely possible that I'm the issue but who knows.

@mlsmaycon
Collaborator

@WhyAydan, this error, Token is not valid yet, usually happens when there is a time sync issue with the Zitadel or NetBird service.

Can you double-check the time in both services and your own workstation to confirm it? If so, you can check some steps from https://askubuntu.com/questions/254826/how-to-force-a-clock-update-using-ntp to update your server's time. Once that is done you can restart the affected service.
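Added example, not part of the original thread and not NetBird's code: a small Go diagnostic that decodes a token's `nbf`/`iat`/`exp` claims and reports how far they sit ahead of the validating host's clock, which is the condition behind "Token is not valid yet". The names `CheckTimeClaims` and `sampleToken` are hypothetical, the token is constructed and unsigned, and the signature is deliberately not verified, so this is for troubleshooting skew only.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// CheckTimeClaims decodes a JWT payload WITHOUT verifying the signature (diagnostic
// only) and compares its nbf/iat/exp claims with the validator's clock.
func CheckTimeClaims(token string, now time.Time, leeway time.Duration) (string, time.Duration, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", 0, fmt.Errorf("expected 3 dot-separated segments, got %d", len(parts))
	}
	var c struct{ Iat, Nbf, Exp *float64 } // JSON keys match case-insensitively
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &c) != nil {
		return "", 0, fmt.Errorf("payload is not base64url-encoded JSON")
	}
	var ahead time.Duration // how far in the future the later of nbf/iat lies (0 if past)
	for _, v := range []*float64{c.Nbf, c.Iat} {
		if v != nil && time.Unix(int64(*v), 0).Sub(now) > ahead {
			ahead = time.Unix(int64(*v), 0).Sub(now)
		}
	}
	if ahead > leeway {
		return "not valid yet", ahead, nil // validator clock is behind the issuer
	}
	if c.Exp != nil && !now.Before(time.Unix(int64(*c.Exp), 0).Add(leeway)) {
		return "expired", ahead, nil
	}
	return "valid", ahead, nil
}

// sampleToken builds a constructed token with a placeholder signature for the demo.
func sampleToken(iat, exp int64) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." +
		enc([]byte(fmt.Sprintf(`{"iat":%d,"nbf":%d,"exp":%d}`, iat, iat, exp))) + ".placeholder-sig"
}

func main() {
	issued := time.Date(2024, 5, 7, 18, 26, 56, 0, time.UTC) // issuer clock (constructed)
	tok := sampleToken(issued.Unix(), issued.Add(time.Hour).Unix())
	fmt.Println(CheckTimeClaims(tok, issued.Add(-90*time.Second), 0)) // validator 90s behind
	fmt.Println(CheckTimeClaims(tok, issued.Add(-90*time.Second), 2*time.Minute))
}
```

The time claims are Unix seconds in UTC, so the comparison depends on the host's actual clock being correct rather than on its configured time zone.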

@WhyAydan
Author

WhyAydan commented May 7, 2024

@mlsmaycon
I shall give it a go. What method do you use for Docker? It's been a while since I time-synced them, but I recall it being something like this?

volumes:
 - /etc/localtime:/etc/localtime:ro

UPDATE:

Mounted the volume and set the env for all containers to be
TZ=Europe/London

@WhyAydan
Author

WhyAydan commented May 7, 2024

That's been resolved, but now the logs are showing the following

management-1  | 2024-05-07T19:18:15Z INFO management/server/account.go:1411: cache invalid. Users unknown to the cache: 1
management-1  | 2024-05-07T19:18:15Z INFO management/server/account.go:1372: refreshing cache for account cot70csrfpec73emggs0
management-1  | 2024-05-07T19:18:15Z WARN management/server/account.go:1245: user 266096520175157251 not found in IDP

@mlsmaycon
Collaborator

@WhyAydan regarding the time, usually synchronizing the host's time is enough.

The error means that there is no user in Zitadel with the same ID, 266096520175157251. Is this a fresh installation?

@WhyAydan
Author

WhyAydan commented May 8, 2024

Hello, Zitadel isn't a fresh install, no. However, NetBird is :)
