Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

fix: add optional clock_skew parameter to token helpers #333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Aug 14, 2025
Merged

fix: add optional clock_skew parameter to token helpers #333

merged 17 commits into from
Aug 14, 2025

Conversation

twishabansal
Copy link
Contributor

@twishabansal twishabansal commented Aug 8, 2025
edited
Loading

Token used too early errors are a known issue.
For example: firebase/firebase-admin-python#624, googleapis/google-auth-library-python#889

This happens when the system clock is not completely syncronised with the server. The function verify_id_token may fail for tokens that were issued by servers which have clocks running a little early.

If verification is done right after the token was issued by such a server, then the call to function google.oauth2.id_token.verify_token may be early enough for the 'issued-at-time' timestamp of the token still being in the future.

Adding the optional parameter clock_skew_in_seconds=60 to the call to google.oauth2.id_token.verify_token would allow for the servers clock to be off by up to a minute and still allow verification of the issued token immediately after it being issued.

Fixes #332

@twishabansal twishabansal marked this pull request as ready for review August 8, 2025 12:59
@twishabansal twishabansal requested a review from a team as a code owner August 8, 2025 12:59
@twishabansal twishabansal mentioned this pull request Aug 8, 2025
Closed
3 tasks
anubhav756
anubhav756 previously approved these changes Aug 8, 2025
View reviewed changes
kurtisvg
kurtisvg reviewed Aug 11, 2025
View reviewed changes
packages/toolbox-core/src/toolbox_core/auth_methods.py Outdated Show resolved Hide resolved
@twishabansal twishabansal requested a review from kurtisvg August 12, 2025 07:15
@twishabansal twishabansal requested review from anubhav756 and kurtisvg and removed request for kurtisvg August 13, 2025 05:07
kurtisvg
kurtisvg previously approved these changes Aug 13, 2025
View reviewed changes
packages/toolbox-core/src/toolbox_core/auth_methods.py Outdated Show resolved Hide resolved
@kurtisvg kurtisvg changed the title fix: fix token clock skew issue fix: add optional clock_skew parameter to token helpers Aug 13, 2025
@twishabansal twishabansal merged commit aa0664f into main Aug 14, 2025
20 checks passed
@twishabansal twishabansal deleted the fix-auth branch August 14, 2025 08:08
@release-please release-please bot mentioned this pull request Aug 12, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dishaprakash dishaprakash dishaprakash approved these changes

@kurtisvg kurtisvg kurtisvg left review comments

@anubhav756 anubhav756 Awaiting requested review from anubhav756

Assignees

@kurtisvg kurtisvg

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

When trying to call MCPToolbox on Cloud run I get Failed to validate and cache the new token: Token used too early

4 participants

@twishabansal @anubhav756 @kurtisvg @dishaprakash
Morty Proxy This is a proxified and sanitized view of the page, visit original site.