Token Must Be a Short-Lived Token and in a Reasonable Timeframe

Token must be a short-lived token and in a reasonable timeframe

I stumbled upon the same issue at roughly the same time, so I expected a generic bug of Google but here is what had happened on my computer :

raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT: Token must be a short-lived token and in a reasonable timeframe

was caused in my case by a poor synchronisation of the computer's clock where the code was executed that had a lag of 5 minutes (due to a faulty battery for the internal clock). It started working again when I manually changed the internal time of my computer to the correct one.

This solution was mentionned here, but not with the full error message

Google Client Invalid JWT: Token must be a short-lived token

Invalid_grant error has two common causes:

Your server’s clock is not in sync with NTP.
Solution: Check the server time. If it's incorrect, fix it.
The refresh token limit has been exceeded.
Solution: Nothing you can do - they can't have more refresh tokens in use.
Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines. In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned.
The limit for each unique pair of OAuth 2.0 client and is 50 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.

Update

Applications in testing phase have their refresh tokens revoked after seven days. Go to Google cloud console for your project and under oauth2 set it to production.

Error: invalid_grant , Description: Invalid JWT: Token must be a short-lived token and in a reasonable timeframe , Uri:

Invalid grant

When you try to use a refresh token, the following returns you an invalid_grant error:

Your server's clock is not in sync with network time protocol - NTP.

The refresh token limit has been exceeded.

First, kindly check the synchronization problem with the server clock, see the poor synchronization of the computer's clock answer for additional information. Second, check handling of refresh token and the old tokens. Some flows include additional steps, such as using refresh tokens to acquire new access tokens. For detailed information about flows for various types of applications, see Google's OAuth 2.0 documentation.

Hope this helps!

Invalid JWT when trying to use google cloud Text-to-Speech API

One of the primary reasons that I've seen in JWT tokens is the server generating the token is out of sync with the client to which it is trying to communicate to.

Could you please ensure that your system's time is in sync and also is configured to keep itself updated to a NTP server ?

oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT

invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe.

This is caused by poor synchronisation of the computer's clock where the code was executed that had a lag of 5 minutes or more. The error means that the token is not valid and its not valid because the time on the PI is different then the actual time. I know that you say you are checking NTP but I suggest you check timezone as well.

I know this is a PI so debugging is probably limited but try outputting your id token and decryption its a jwt you should be able to see the iat and exp values. It might help you figure out what time it thinks it is.

Token Must Be a Short-Lived Token and in a Reasonable Timeframe