Why am I seeing 'Token is Invalid'?

If you're seeing 'Token is Invalid' when you try to authenticate users via other providers (such as Facebook or Google), the first thing you should do is check your system time
When we construct a request to the /oauth/token endpoint, we expect an access and refresh token response. The /oauth/token endpoint has a threshold of +/- one minute. So, if your system time is off by as little as one minute, the JWT request for the access and refresh tokens may have an expiration time that is in the past. This expiration time is dependent upon your system time, so double check to make sure that is correct. 
Please reach out to us at support@stormpath.com if you have any further questions. 
Have more questions? Submit a request



Please sign in to leave a comment.