Open ID Connect authorisation only works after a delay


#1

Hi Folks

I’ve tested this a number of times and am convinced something is wrong.
I am working on a POC with a Tyk Gateway installed on my laptop and using a simple API which proxies through to a single endpoint (the BBC webpage as it happens).
I am testing various authentication methods but mostly Open ID connect.
I am using Auth0 as my auth provider and Open ID Connect playground for testing.
I happily generate an authentication token and then use both curl and postman to send the request to Tyk with the token in the Authorisation header.

It initially fails to authorise the token. The error in the logs is the unhelpful:

" [Apr 16 04:12:29] WARN openid: JWT Invalid: Validation error. Jwt token validation failed with unknown error.

[Apr 16 04:12:29] WARN openid: Attempted access with invalid key. key=[JWT]"

However, after about 15 min it suddenly starts working from both curl and postman. I have tested it numerous times with the same result. Anybody have any ideas why this delay is happening?


#2

Hi,

The problem you are facing is because of clock skew between the issuing party (an OpenID/OAuth provider) and the validating party (Tyk).

Here is the link that describes ways to tackle this problem:
https://tyk.io/docs/security/your-apis/json-web-tokens/#avoiding-clock-skew

Thanks
Komal
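
The clock-skew effect described in the answer above, as an added example that is not part of the original thread or Tyk's own code: it decodes a token's time claims and shows why a validator whose clock is behind the issuer's rejects the token at first and accepts it later. The 900-second skew, the sample token, the function names and the assumption that the validator rejects a future `iat` or `nbf` are all constructed for illustration.

```python
import base64, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def time_claim_problems(claims: dict, now: int, leeway: int = 0) -> list:
    """List time claims a validator whose clock reads `now` would reject."""
    problems = []
    for name in ("iat", "nbf"):
        if name in claims and claims[name] > now + leeway:
            problems.append((name, "in the future", claims[name] - now))
    if "exp" in claims and claims["exp"] <= now - leeway:
        problems.append(("exp", "expired", now - claims["exp"]))
    return problems

def sample_token(issuer_now: int, lifetime: int = 86400) -> str:
    """Constructed token; the signature segment is a dummy and never checked."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"iss": "https://issuer.example/", "iat": issuer_now,
               "exp": issuer_now + lifetime}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()), "dummy-signature"])

GATEWAY_NOW = 1_700_000_000   # constructed gateway clock reading
SKEW = 900                    # constructed: issuer clock 15 minutes ahead
TOKEN = sample_token(GATEWAY_NOW + SKEW)

if __name__ == "__main__":
    claims = jwt_claims(TOKEN)
    print("at issue time:   ", time_claim_problems(claims, GATEWAY_NOW))
    print("15 minutes later:", time_claim_problems(claims, GATEWAY_NOW + SKEW))
    print("with 900s leeway:", time_claim_problems(claims, GATEWAY_NOW, leeway=SKEW))
```

Leeway applies to `exp` as well, so a large value also extends how long an expired token is accepted; synchronising both clocks removes the cause and lets the leeway stay small.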