Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expiration time' claim ('exp') is too far in the future #178

Open
nicolalunghi-xlnx opened this issue Oct 9, 2024 · 2 comments
Open

Expiration time' claim ('exp') is too far in the future #178

nicolalunghi-xlnx opened this issue Oct 9, 2024 · 2 comments

Comments

@nicolalunghi-xlnx
Copy link

nicolalunghi-xlnx commented Oct 9, 2024

Run actions/create-github-app-token@v1
  with:
    github-api-url: https://gitenterprise.company.com/api/v3
    app-id: 99
    private-key: ***
    owner: ******
repositories not set, creating token for all repositories for given owner "ORG"
Failed to create token for "ORG" (attempt 1): 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/enterprise-server@3.10/rest
Failed to create token for "ORG" (attempt [2](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:2)): 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/enterprise-server@[3](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:3).10/rest
Failed to create token for "ORG" (attempt 3): 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/enterprise-server@3.10/rest
Failed to create token for "ORG" (attempt 4): 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/enterprise-server@3.10/rest
RequestError [HttpError]: 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/enterprise-server@3.10/rest
    at fetchWrapper (/disk/runners/1/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37109:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async hook4 (/disk/runners/1/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39476:18)
    at async getTokenFromOwner (/disk/runners/1/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39769:20)
    at async RetryOperation._fn (/disk/runners/1/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39667:24) {
  status: 401,
  request: {
    method: 'GET',
    url: 'https://gitenterprise.company.com/api/v3/orgs/ORG/installation',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'actions/create-github-app-token',
      authorization: 'bearer [REDACTED]'
    },
    request: { hook: [Function: bound hook[4](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:4)] AsyncFunction }
  },
  response: {
    url: 'https://gitenterprise.company.com/api/v3/orgs/ORG/installation',
    status: 401,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      'content-length': '144',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Wed, 09 Oct 2024 16:26:12 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31[5](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:5)36000; includeSubdomains',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-enterprise-version': '3.10.15',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': 'f8738f9[6](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:6)-1cd8-49f1-[8](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:9)1b8-b4ffa240565c',
      'x-xss-protection': '0'
    },
    data: {
      message: "'Expiration time' claim ('exp') is too far in the future",
      documentation_url: 'https://docs.github.com/enterprise-server@3.10/rest'
    }
  },
  attemptNumber: 4,
  retriesLeft: 0
}
Error: 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/enterprise-server@3.10/rest
@nicolalunghi-xlnx
Copy link
Author

Any idea why I'm getting this? I've checked the runner time and date and is correct.
If I regenerate the certificate the first time this succeed, then start to fail again.

@dhrapson
Copy link

Solved for us by correcting the time on the requesting VM. If the machine clock ahead of reality then the token request is effectively for maximum_time_allowed + time_vm_clock_is_ahead, so the request gets rejected by GitHub

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants