Session_token gives me error "The token is not yet valid (nbc)"

For backend, I’m running python/flask using ShopifyAPI module to decode and authenticate the session_token.

shopify.session_token.decode_from_header(...)

I get a weird error MOST of the time:

shopify.session_token.SessionTokenError: The token is not yet valid (nbf)

It appears the time window of validity is in the FUTURE. Sure enough, if I sleep a little bit, it works with increasing frequency the longer I sleep. If I have my python code sleep 0.5 or 1 second it works sometimes but not always. If I have my python code sleep 3 seconds, it usually works. But of course, I don’t want to purposefully make my code slow.

What is going on here? Is it just that my computer’s time is a few seconds behind Shopify’s servers’ time? Should I just go ahead and wait 3 seconds? Should I use jwt to decode manually to check the nbf value and wait as needed?

I am getting this issue sporadically as well. Just noticed it today, but I hadn’t tested my app in a few days.

Yeah, it seems like App Bridge sets nbf to the current time according to the browser, and the Python package checks it against the current time on the server. They really need to build some leeway into it somewhere. I think this should be treated as a bug.

This is fixed in the latest version of the Python client library. Though they only gave it 10 seconds of leeway, so I’m not sure how much to trust it. Discussion (and workaround) here: https://github.com/Shopify/shopify_python_api/issues/600