Google Cloud Authentication "activate-service-account" Problem Refreshing Auth Token

-


I just ran into this issue when adding a Google cloud auth key via the command line threw out an error about the JWT token being invalid, even though it was just created.
The command I was running was:

gcloud auth activate-service-account --key-file auth.json

The error I was receiving was:

ERROR: (gcloud.auth.activate-service-account) There was a problem refreshing your current auth tokens: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.', {'error': 'invalid_grant', 'error_description': 'Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.'})

Which doesn't really tell you much, other than there's something wrong with the token.

HOWEVER, there isn't actually anything wrong with the token! The issue was that the Linux VM I was on had its time messed up, causing it to be about 8 hours in the future!
Simply fixing my VM's clock caused it to start to work.

I didn't look into the details of how activate-service-account works, but I assume it's trying to request a JWT and then the token it requests or did request makes it freak out since the clock is skewed.

Anyway, I hope this helps someone when Googling this error. 

Popular posts from this blog

Hacking Metasploitable #1: Introduction & IRC Hack [Metasploit/Linux/Exploit/How-to]

-
Starting today, I will start releasing how-tos on hacking the Metasploitable distro of Linux released by the creators of Metasploit in which I will go through how to determine if a system is exploitable, how to use Metasploit, how to load modules and run exploits, and what to do once you have exploited a system. I hope these posts, starting with this (#1), teach the readers the important parts of using Metasploit as well as the basics of Pentesting and exploitation. This is by no means a thorough series on exploitation, but a way to get basic users' hands wet in the world of exploitation and hacking.
Continue Reading >>

Vagrant "Fuse Device Not Found" Error Fix

-
 You may come across this error while using Vagrant in WSL on Windows. It's very confusing and the Google results are not particularly helpful with fixing this specific error fuse: device not found, try 'modprobe fuse' first Cannot mount AppImage, please check your FUSE setup. You might still be able to extract the contents of this AppImage if you run it with the --appimage-extract option. See https://github.com/AppImage/AppImageKit/wiki/FUSE for more information open dir error: No such file or directory The cause of this, at least at the time of writing, is that newer versions of Vagrant (specifically 2.2.19) is broken in (some) cases, and the solution is to use an older Vagrant version (specifically 2.2.6 works for me). Download Links: https://releases.hashicorp.com/vagrant/2.2.6/  Windows MSI: https://releases.hashicorp.com/vagrant/2.2.6/vagrant_2.2.6_x86_64.msi Reference (my project): https://github.com/Marshall-Hallenbeck/red_team_attack_lab/blob/main/docs/windows_setu
Continue Reading >>

BASH scripting in Linux: an introduction [Linux]

-
I've already used a bit of BASH scripting in my Wifi sniffing tutorial, but the importance of scripting in BASH and other languages such as Perl, Ruby, and Python is so great I need to write separate posts for them all. Bash stands for "Bourne-Again Shell" (you will see "sh" stands for "shell" in many places). Named aptly for being the successor of the Bourne Shell, it came into use in 1989 and has since been a main scripting language for Linux and has many different options such as piping (seen before on my blog), variables and control structures (like all good languages), file reading, and the Unix "wildcard" usage by the asterisk (*) key. Enough about stuff I'm sure you guys don't care about, lets jump right in!
Continue Reading >>