Google Cloud Authentication "activate-service-account" Problem Refreshing Auth Token


I just ran into this issue when adding a Google cloud auth key via the command line threw out an error about the JWT token being invalid, even though it was just created.
The command I was running was:

gcloud auth activate-service-account --key-file auth.json

The error I was receiving was:

ERROR: (gcloud.auth.activate-service-account) There was a problem refreshing your current auth tokens: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.', {'error': 'invalid_grant', 'error_description': 'Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.'})

Which doesn't really tell you much, other than there's something wrong with the token.

HOWEVER, there isn't actually anything wrong with the token! The issue was that the Linux VM I was on had its time messed up, causing it to be about 8 hours in the future!
Simply fixing my VM's clock caused it to start to work.

I didn't look into the details of how activate-service-account works, but I assume it's trying to request a JWT and then the token it requests or did request makes it freak out since the clock is skewed.

Anyway, I hope this helps someone when Googling this error. 

Popular posts from this blog

[OLD] So you want to use Backtrack 5? [With Pictures/Windows/Mac/Linux]

How to Unfollow Blogs or "Reading List" on Google [Non-Technical]