create-github-app-token icon indicating copy to clipboard operation
create-github-app-token copied to clipboard
verified publisher icon actions

Expiration time' claim ('exp') is too far in the future

Open nicolalunghi-xlnx opened this issue 1 year ago • 2 comments 

Run actions/create-github-app-token@v1
  with:
    github-api-url: https://gitenterprise.company.com/api/v3
    app-id: 99
    private-key: ***
    owner: ******
repositories not set, creating token for all repositories for given owner "ORG"
Failed to create token for "ORG" (attempt 1): 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/[email protected]/rest
Failed to create token for "ORG" (attempt [2](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:2)): 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/enterprise-server@[3](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:3).10/rest
Failed to create token for "ORG" (attempt 3): 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/[email protected]/rest
Failed to create token for "ORG" (attempt 4): 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/[email protected]/rest
RequestError [HttpError]: 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/[email protected]/rest
    at fetchWrapper (/disk/runners/1/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37109:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async hook4 (/disk/runners/1/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39476:18)
    at async getTokenFromOwner (/disk/runners/1/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39769:20)
    at async RetryOperation._fn (/disk/runners/1/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39667:24) {
  status: 401,
  request: {
    method: 'GET',
    url: 'https://gitenterprise.company.com/api/v3/orgs/ORG/installation',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'actions/create-github-app-token',
      authorization: 'bearer [REDACTED]'
    },
    request: { hook: [Function: bound hook[4](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:4)] AsyncFunction }
  },
  response: {
    url: 'https://gitenterprise.company.com/api/v3/orgs/ORG/installation',
    status: 401,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      'content-length': '144',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Wed, 09 Oct 2024 16:26:12 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31[5](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:5)36000; includeSubdomains',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-enterprise-version': '3.10.15',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': 'f8738f9[6](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:6)-1cd8-49f1-[8](https://gitenterprise.company.com/ORG/myrepo-sw/actions/runs/440922/job/966528#step:5:9)1b8-b4ffa240565c',
      'x-xss-protection': '0'
    },
    data: {
      message: "'Expiration time' claim ('exp') is too far in the future",
      documentation_url: 'https://docs.github.com/[email protected]/rest'
    }
  },
  attemptNumber: 4,
  retriesLeft: 0
}
Error: 'Expiration time' claim ('exp') is too far in the future - https://docs.github.com/[email protected]/rest

nicolalunghi-xlnx avatar Oct 09 '24 16:10 nicolalunghi-xlnx

Any idea why I'm getting this? I've checked the runner time and date and is correct. If I regenerate the certificate the first time this succeed, then start to fail again.

nicolalunghi-xlnx avatar Oct 09 '24 16:10 nicolalunghi-xlnx

Solved for us by correcting the time on the requesting VM. If the machine clock ahead of reality then the token request is effectively for maximum_time_allowed + time_vm_clock_is_ahead, so the request gets rejected by GitHub

dhrapson avatar Dec 25 '24 09:12 dhrapson

Solved for us by correcting the time on the requesting VM. If the machine clock ahead of reality then the token request is effectively for maximum_time_allowed + time_vm_clock_is_ahead, so the request gets rejected by GitHub

Sounds like this is likely the solution, so I'm going to close this issue. Feel free to comment if this solution doesn't solve the problem, and I'll re-open the issue.

parkerbxyz avatar Nov 22 '25 00:11 parkerbxyz