This indicates that a signed token request, sent to Ably to request a token, is too old. The timestamp checks within the Ably service ensures that a signed token request can only be used for a limited time period thus limiting the possibility of a token request being intercepted and used later by the unintended client.
Things you should check which may be causing this problem:
- The local time of the auth server generating the signed token request (in some cases this can be the original client if it is generating its own tokens) is correct. If you are unable to ensure your server's clock is in sync, then you should set the queryTime ClientOptions attribute to true when instancing the Ably client library on your server. This will ensure Ably's server time is used for all signed token requests created.
- You should not cache the signed token requests you send to clients, either on your auth server or on the client. Each token request must be used once, and must be used ~immediately. That means that every time the SDK calls the authCallback or makes a request to the authUrl, it expects to get a fresh token request (or token), newly generated by your auth server, specifically for that client.
-
Are you using Next.js 13 and generating the tokenRequest within the app router ? If so the request will be cached and respond with the same tokenRequest each time. One solution is to disable segment-level caching by setting revalidate to 0
If you've gone through the list above and are still getting this error, try to get a debug-level log of the generation of a token request, and contact us for more help.