The token is not yet valid (iat)

Hi

I keep getting the error: The token is not yet valid (iat)
In the hub logs I get the following line

[D 2024-06-17 07:05:20.835 JupyterHub handlers:416] Initial launch request args are {'id_token': 'eyJ0eXAiOiJKV....', 'state': 'eyJzdG...'}

the log date shows 2024-06-17 07:05:20.835 but when I decode the id_token the iat shows 2024-06-17 09:05:20.835
The hub timezone is two hours behind!
Is this causing the problem? where does this come from?
My authentication method is LTI1.3

I was wondering how I can fix it.

best

Update:

I changed the timezone in the hub and single users, but still getting the same error. The problem seems to be 1 or 2 seconds difference (if I use 3G in the network devtools) it works!
Where in the code, is iat for jwt id_token set? I think we should subtract a couple of few seconds.

best

It sounds like it’s a common enough problem that there’s a parameter to set it!

Thanks for your response. How should I override this? Should I directly modify the source code and change this line? should I put a negative value or positive?

Is there any way to avoid this by using something like in the values.yaml:

class SomeCustomClass(LTI13Authenticator???):
    # change time_leeway here by overriding __init__
    # or sleep for a few seconds in the responsible function
    def some_responsible_function(self, *args, **kwargs):
        time.sleep(3)
        return super().some_responsible_function(*args, **kwargs)
          
c.JupyterHub.relavant_class = SomeCustomClass

I was wondering what class & functions are responsible for initializing id_token and validating it?

best