Invalid ID Token error when device time is manually set to wrong time

[robinvandenb]

Issue.

We noticed we encountered a few Invalid ID Token errors. After some research and trial and error we noticed it was caused because the device time was manually set to the wrong time.
Clearer error messages would have taken less time to debug the issue.

Environment

• Your Identity Provider: CDC
• Platform that you're experiencing the issue on: Android
• Are you using Expo? No

[Jay-A-McBee]

👋 Hey @robinvandenb - I agree that highly descriptive error messages would've made this easier to debug, but the thing is we're subject to the error message returned by the native libraries we use - AppAuth Android and AppAuth iOS.

I'll definitely try to repro this to see if there's more info included in the error that would allow us to spell out exactly why the id token is invalid - I'm doubtful that there is. On the bright side though this is definitely something that would only affect a very small fraction of users who choose to manually set the time incorrectly on their device 🤷‍♂️.

[swikars1]

This happed to me in android simulator, i dont know why time was wrong, not a major thing but weird and need fix.

[zomervinicius]

Is there a way to get the server time instead of the device time to get the time?

[kevindice]

Thanks for filing this issue and saving future people some time. My emulator was 5 minutes behind which caused this.

[sanduluca]

My tests show that you get the Invalid ID Token error if your phone time is more than ten minutes behind or if the phone time is after expiration time (as workaround refresh token time to live can be increased, of course if you can 😄 ).
There is a issue on AppAuth-Android that asks for a configuration options and it also has a PR open with the feature
Issue: openid/AppAuth-Android#830
PR: openid/AppAuth-Android#1033

No info on AppAuth-iOS

[kevindice]

I believe it's a feature, not a bug - like OP suggested, a clearer error message could certainly help.