Skip verification of JWT's iat claim

[jameshadfield]

Closes #307

I haven't yet tested that this works (e.g. by changing my system clock) which I'll try to get to soon, unless others have nicer ways of testing this?

• Checks pass
• Create a scenario where a JWT's iat is in front of my system clock and verify this PR fixes the issue

[tsibley]

I verified this works for me to avoid the issue when I intentionally introduce a lagging clock on my local machine.

$ nextstrain logout
$ sudo timedatectl set-ntp false                # disable time sync
$ sudo timedatectl set-time "10 seconds ago"    # lag the clock
$ sudo ntpdate ntp.ubuntu.com                   # verify that manual lag worked; offset was -10s
$ sudo timedatectl set-time "10 seconds ago"    # lag again
$ nextstrain login                              # 8.4.0
…
ImmatureSignatureError: The token is not yet valid (iat)

$ /tmp/cli/nextstrain login                     # 8.5.2+git.bdfbddc (the PR build)
…
Logged in to https://nextstrain.org as trs.

[tsibley]

A changelog entry would be good.

[jameshadfield]

I verified this works for me to avoid the issue when I intentionally introduce a lagging clock on my local machine.

After a bit of googling I'm still not sure how to do this on MacOS (I think date), so thanks for testing on my behalf!

A changelog entry would be good.

Added in force push.

[tsibley]

After a bit of googling I'm still not sure how to do this on MacOS (I think date), so thanks for testing on my behalf!

The traditional Unix way is to use date -s "10 seconds ago" or similar. I'd expect that to work on macOS, though you might also need to disable time synchronization first like I had to. I know you can do that via the Settings panel, but don't know off hand how to do it from the command line. Also, you can tweak the time itself directly in the Settings panel.

[tsibley]

Releasing this as part of 8.5.3.