Guardian JWT is generated with the wrong time

heitorlisboa · March 12, 2022, 7:47pm

I’m building an authentication API using Phoenix, Guardian and Bcrypt, but I’m having an issue with the time present on the tokens generated by Guardian. At the same time the token was generated, my validation on the front-end was saying that the token was already expired.

To investigate, I headed to jwt.io and decoded the token that I was receiving, and saw that both the iat (issued at) and exp (expiration time) were more than 3 hours behind the time when the token was generated.

However, I noticed that if I verify this token on the same API right after generating it, it says the token is valid. That probably means that my entire Phoenix app is using the wrong time. Is there a way to fix that?

BartOtten · March 12, 2022, 8:34pm

Have you checked the time of the server/system you run the API on?

iex > Time.utc_now()

If it is off, the fix depends on your operating system.

heitorlisboa · March 12, 2022, 10:58pm

You’re right. I just checked and noticed that the problem is that I’m using Ubuntu via WSL on Windows and its time is not synced with my main operating system. I ran the command you said on both my Windows and Ubuntu terminals and they were not the same.

Now I just need to find a way to sync both systems. Thanks a lot!