4

While I use freezegun with google storage api, I got the following error.

google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.', {'error': 'invalid_grant', 'error_description': 'Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.'})

I think ignore packages may solve the problem. Ref: https://github.com/spulec/freezegun/pull/185

Sometimes it's desired to ignore FreezeGun behaviour for particular packages (i.e. libraries). It's possible to ignore them for a single invocation:

I tried add ["google", "google.auth", "google.cloud"] in ignore list, but still got the same error.

from google.cloud import storage
import freezegun

ig_ms = ["google", "google.oauth2", "urllib3", "google.cloud"]
freezegun.configure(extend_ignore_list=ig_ms)


with freezegun.freeze_time("2017-05-21", ignore=ig_ms):
    client = storage.Client()

    print(list(client.list_buckets()))

I am confused about how to use Ignore Packages correctly. For example:

import urllib3
import freezegun

with freezegun.freeze_time("2017-05-21", ignore=['urllib3']):
    http = urllib3.PoolManager()
    resp = http.request("GET", "https://httpbin.org/robots.txt")
    print(resp.status)

whether I add urllib3 to ignore list or not, it will still raise SystemTimeWarning: System time is way off (before 2020-07-01). This will probably lead to SSL verification errors

lucemia
  • 6,349
  • 5
  • 42
  • 75

1 Answers1

0

Invalid_grant error has two common causes.

  1. Your server’s clock is not in sync with NTP. (Solution: check the server time if it's incorrect fix it. )

  2. The refresh token limit has been exceeded. (Solution: Nothing you can do they cant have more refresh tokens in use) Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines. In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned. The limit for each unique pair of OAuth 2.0 client and is 25 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.

Anomic
  • 1
  • 1