3

I'm trying to generate an access token for my GitHub App via GitHub API.

I'm getting a 401 unauthorized response error:

expiration time' claim ('exp') is too far in the future

My code:

const now = Date.now()
const expiration = now + 60 * 10 // JWT expiration time (10 minute maximum)

const payload = {
  iat: now
  exp: expiration,
  iss: appId
}

const jwt = jwtGenerator(payload, privatePem, { algorithm: "RS256" })

Github documentation - https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/

Improve this question
2
  • which package you use for jwtGenerator in nodeJS? Commented May 13, 2020 at 9:58
  • "jsonwebtoken": "^8.5.1". jwtGenerator its just a function which wrap the sign function of jsonwebtoken Commented May 13, 2020 at 10:55

2 Answers 2

Reset to default
3

I figured out what was the problem.

The times on different machine were not in sync. To solve that I set the iat time 30 secs in the past (I tried different time span but it turned out that 30 sec works the best).

const now = Math.floor(Date.now() / 1000) - 30
const expiration = now + 60 * 10 // JWT expiration time (10 minute maximum)

const payload = {
  iat: now,
  exp: expiration,
  iss: appId
}

const jwt = jwtGenerator(payload, privatePem, { algorithm: "RS256" })
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Github might be expecting an epoch time in seconds under exp. If you look at the ruby example they use Time.now.to_i which returns an epoch time in seconds. Javascript's Date.now() returns an epoch time in milliseconds which is too large, you should try dividing Date.now() by 1000, for example:

const now = (Date.now() / 1000)
const expiration = now  + (60 * 10) // JWT expiration time (10 minute maximum)

const payload = {
  iat: now
  exp: expiration,
  iss: appId
}

const jwt = jwtGenerator(payload, privatePem, { algorithm: "RS256" })

The documentation for jsonwebtoken specifically mentions:

IEEE Std 1003.1, 2013 Edition [POSIX.1] definition "Seconds Since the Epoch"

Using divide by 1000 and Math.floor for proper integer conversion - I was able to get GithubAPI to work with the jwt.sign.

Improve this answer

1 Comment

good idea, I tried this also, but it seems like this is not the problem, they are working with both formats

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.