JWT decode callback token exception

[handleror]

got this issue after omniauth callback results:
JWT::InvalidIatError (Invalid iat): jwt (1.5.0) lib/jwt.rb:170:indecode'
omniauth-google-oauth2 (0.2.8) lib/omniauth/strategies/google_oauth2.rb:61:in block in <class:GoogleOauth2>'

[Ashviniv]

I got the same error.I skipped JWT decoding by adding scope skip_jwt: true in the omniauth configuration file i.e omniauth.rb.

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, {scope: 'email', skip_jwt: true}
end

[handleror]

Thank @Ashviniv, I just found in these issues
#195
#196
Guest it should be closed

[Shwetakale]

@Ashviniv @handleror Do you know root cause of this issue? I am facing same issue and behavior is total random. Sometimes I am successfully able to login and sometimes get this error. I observed such errors in my production log as well and those are very random or do anyone of you know reproduction steps?

[Ashviniv]

@Shwetakale As per my knowledge and the closed issue #195 omniauth-google-oauth2 uses JWT gem, which contains the ruby implementation of oauth algorithm. which internally uses JWT.decodeto ensure that an attacker cannot bypass the algorithm verification step.
It uses iat timestamp and if there is timestamp mismatch this error comes. With the option skip_jwt: true. we avoid calling JWT.decode.

I hope the Issue #195 can help you to reproduce the issue.