Google Social Login Error - ImmatureSignatureError: The token is not yet valid (iat)

[adrenaline681]

Since my last package upgrade to 0.61.1 I'm getting the following error when trying to login with Google Auth during development.

jwt.exceptions.ImmatureSignatureError: The token is not yet valid (iat)
...
allauth.socialaccount.providers.oauth2.client.OAuth2Error: Invalid id_token

My PC (Windows) time is set up properly as well as my docker container time (checked using the 'date' command and prints the proper date and time). It seems to work properly in production but since is not working in development it doesnt allow me to login and test auth features in dev.

Any ideas of how I could fix this?

Here is the full stack trace:

Traceback (most recent call last):
2024-03-14T05:43:13.362097445Z   File "/usr/local/lib/python3.11/site-packages/allauth/socialaccount/internal/jwtkit.py", line 71, in verify_and_decode
2024-03-14T05:43:13.362100942Z     data = jwt.decode(
2024-03-14T05:43:13.362103627Z            ^^^^^^^^^^^
2024-03-14T05:43:13.362106131Z   File "/usr/local/lib/python3.11/site-packages/jwt/api_jwt.py", line 210, in decode
2024-03-14T05:43:13.362108706Z     decoded = self.decode_complete(
2024-03-14T05:43:13.362111000Z               ^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362113295Z   File "/usr/local/lib/python3.11/site-packages/jwt/api_jwt.py", line 162, in decode_complete
2024-03-14T05:43:13.362115709Z     self._validate_claims(
2024-03-14T05:43:13.362117903Z   File "/usr/local/lib/python3.11/site-packages/jwt/api_jwt.py", line 242, in _validate_claims
2024-03-14T05:43:13.362120328Z     self._validate_iat(payload, now, leeway)
2024-03-14T05:43:13.362122662Z   File "/usr/local/lib/python3.11/site-packages/jwt/api_jwt.py", line 278, in _validate_iat
2024-03-14T05:43:13.362125016Z     raise ImmatureSignatureError("The token is not yet valid (iat)")
2024-03-14T05:43:13.362127311Z jwt.exceptions.ImmatureSignatureError: The token is not yet valid (iat)
2024-03-14T05:43:13.362129485Z 
2024-03-14T05:43:13.362131769Z The above exception was the direct cause of the following exception:
2024-03-14T05:43:13.362153720Z 
2024-03-14T05:43:13.362158309Z Traceback (most recent call last):
2024-03-14T05:43:13.362160693Z   File "/usr/local/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
2024-03-14T05:43:13.362163087Z     response = wrapped_callback(request, *callback_args, **callback_kwargs)
2024-03-14T05:43:13.362165292Z                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362167526Z   File "/usr/local/lib/python3.11/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
2024-03-14T05:43:13.362169810Z     return view_func(request, *args, **kwargs)
2024-03-14T05:43:13.362172074Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362174469Z   File "/usr/local/lib/python3.11/site-packages/django/views/generic/base.py", line 104, in view
2024-03-14T05:43:13.362176963Z     return self.dispatch(request, *args, **kwargs)
2024-03-14T05:43:13.362179177Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362182614Z   File "/usr/local/lib/python3.11/site-packages/django/utils/decorators.py", line 48, in _wrapper
2024-03-14T05:43:13.362185088Z     return bound_method(*args, **kwargs)
2024-03-14T05:43:13.362187283Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362189487Z   File "/usr/local/lib/python3.11/site-packages/django/views/decorators/debug.py", line 143, in sensitive_post_parameters_wrapper
2024-03-14T05:43:13.362191831Z     return view(request, *args, **kwargs)
2024-03-14T05:43:13.362200407Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362202942Z   File "/usr/local/lib/python3.11/site-packages/dj_rest_auth/views.py", line 48, in dispatch
2024-03-14T05:43:13.362205306Z     return super().dispatch(*args, **kwargs)
2024-03-14T05:43:13.362207490Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362209654Z   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 509, in dispatch
2024-03-14T05:43:13.362211928Z     response = self.handle_exception(exc)
2024-03-14T05:43:13.362214042Z                ^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362216247Z   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 469, in handle_exception
2024-03-14T05:43:13.362218481Z     self.raise_uncaught_exception(exc)
2024-03-14T05:43:13.362220585Z   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
2024-03-14T05:43:13.362222879Z     raise exc
2024-03-14T05:43:13.362225053Z   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 506, in dispatch
2024-03-14T05:43:13.362227377Z     response = handler(request, *args, **kwargs)
2024-03-14T05:43:13.362229511Z                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362231635Z   File "/app/apps/accounts/views.py", line 31, in post
2024-03-14T05:43:13.362233869Z     res = super().post(request, *args, **kwargs)
2024-03-14T05:43:13.362236003Z           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362238137Z   File "/usr/local/lib/python3.11/site-packages/dj_rest_auth/views.py", line 125, in post
2024-03-14T05:43:13.362240402Z     self.serializer.is_valid(raise_exception=True)
2024-03-14T05:43:13.362242546Z   File "/usr/local/lib/python3.11/site-packages/rest_framework/serializers.py", line 227, in is_valid
2024-03-14T05:43:13.362244870Z     self._validated_data = self.run_validation(self.initial_data)
2024-03-14T05:43:13.362247054Z                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362249258Z   File "/usr/local/lib/python3.11/site-packages/rest_framework/serializers.py", line 429, in run_validation
2024-03-14T05:43:13.362251602Z     value = self.validate(value)
2024-03-14T05:43:13.362253706Z             ^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362255820Z   File "/usr/local/lib/python3.11/site-packages/dj_rest_auth/registration/serializers.py", line 160, in validate
2024-03-14T05:43:13.362300704Z     login = self.get_social_login(adapter, app, social_token, token)
2024-03-14T05:43:13.362313338Z             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362317074Z   File "/usr/local/lib/python3.11/site-packages/dj_rest_auth/registration/serializers.py", line 62, in get_social_login
2024-03-14T05:43:13.362320471Z     social_login = adapter.complete_login(request, app, token, response=response)
2024-03-14T05:43:13.362331271Z                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362335038Z   File "/usr/local/lib/python3.11/site-packages/allauth/socialaccount/providers/google/views.py", line 84, in complete_login
2024-03-14T05:43:13.362338524Z     data = self._decode_id_token(app, id_token)
2024-03-14T05:43:13.362341781Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362344335Z   File "/usr/local/lib/python3.11/site-packages/allauth/socialaccount/providers/google/views.py", line 104, in _decode_id_token
2024-03-14T05:43:13.362347040Z     return _verify_and_decode(app, id_token, verify_signature=verify_signature)
2024-03-14T05:43:13.362349615Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362352230Z   File "/usr/local/lib/python3.11/site-packages/allauth/socialaccount/providers/google/views.py", line 62, in _verify_and_decode
2024-03-14T05:43:13.362354945Z     return jwtkit.verify_and_decode(
2024-03-14T05:43:13.362357500Z            ^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-14T05:43:13.362360035Z   File "/usr/local/lib/python3.11/site-packages/allauth/socialaccount/internal/jwtkit.py", line 86, in verify_and_decode
2024-03-14T05:43:13.362362700Z     raise OAuth2Error("Invalid id_token") from e
2024-03-14T05:43:13.362365334Z allauth.socialaccount.providers.oauth2.client.OAuth2Error: Invalid id_token

[marty0678]

I've been fighting with this, this week as well. It's because the JWT is attempted to be used instantly once it's received now, and if the issued at time is even a little bit off, then it will fail. This is how I'm currently fixing it, but I'm open to better suggestions. I wonder if a PR should be opened with a better solution. iMerica/dj-rest-auth#503 (comment)