This is regarding the Google OAuth API issue I was facing a while ago.
For a specific feature, my mobile app sends a request to my application web server. My server processes the request and sends the response back to the app. As the request is user-specific, I use the following code to retrieve the user's security token, where GoogleAuthUtil is provided by Google for OAuth purposes.
```java
GoogleAuthUtil.getToken(getApplicationContext(), account, scopes);
```
This token is sent to the server, where it gets validated again through the Google OAuth PHP API:
```php
$google_client->verifyIdToken($token);
```
This is a recommended procedure to ensure that the token has not been tampered with. If it throws any error [typically 'token expired'], my app would repeat the whole flow.
I was facing this weird problem where the whole flow was going into a long-running loop. As I investigated the issue, I found out that while validating the token at the server end, the Google API was throwing an error with the message 'Token used too early'.
It looks like the Google OAuth API does not like it if somebody validates the token immediately after it gets issued. **I know, this contradicts the recommendation.**
But the good part is that, along with the error, the Google API [PHP] sends back the user data as well. This was a life saver for me. I handled the exception at my server end as below to take care of my further processing.
```php
try {
    $ticket = $client->verifyIdToken($tokenid);
} catch (Exception $e) {
    $errMsg = $e->getMessage();
    // Match the specific error text reported by the library
    if (strpos($errMsg, "Token used too early") !== false) {
        // do further processing
    }
}
```
This really helped me save myself from my app users, who were ready to bombard me. I hope this info helps you as well.
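As an added example (not code from this post or from Google's library), the sketch below shows the claim checks that should still hold for any payload accepted on the 'Token used too early' path, with an explicit allowance for clock skew. It assumes the error comes from the usual comparison of the token's `iat` claim with the server clock and that the signature has already been verified; `EXPECTED_AUD`, `CLOCK_LEEWAY`, `checkIdTokenClaims` and the sample claims are hypothetical names and constructed values.

```php
<?php
// Added example: issuer, audience and time-window checks on already signature-verified claims.
// All constants and sample values are illustrative assumptions.
const EXPECTED_AUD = 'example-client-id.apps.googleusercontent.com'; // placeholder client ID
const ALLOWED_ISS  = ['accounts.google.com', 'https://accounts.google.com'];
const CLOCK_LEEWAY = 300; // seconds of clock skew tolerated between issuer and server

function checkIdTokenClaims(array $claims, int $now): array
{
    $errors = [];
    foreach (['iss', 'aud', 'iat', 'exp'] as $name) {
        if (!isset($claims[$name])) {
            $errors[] = "missing claim: $name";
        }
    }
    if ($errors) {
        return $errors;
    }
    if (!in_array($claims['iss'], ALLOWED_ISS, true)) {
        $errors[] = 'unexpected issuer';
    }
    if ($claims['aud'] !== EXPECTED_AUD) {
        $errors[] = 'token was issued to a different client';
    }
    // A server clock that runs behind makes a fresh token look like it is from the future.
    if ($now < $claims['iat'] - CLOCK_LEEWAY) {
        $errors[] = sprintf('used too early by %d s beyond the leeway', $claims['iat'] - CLOCK_LEEWAY - $now);
    }
    if ($now > $claims['exp'] + CLOCK_LEEWAY) {
        $errors[] = 'expired';
    }
    return $errors;
}

// Constructed sample claims: a token issued at $issued and valid for one hour.
$issued = 1700000000;
$claims = ['iss' => 'accounts.google.com', 'aud' => EXPECTED_AUD,
           'sub' => '1234567890', 'iat' => $issued, 'exp' => $issued + 3600];
$cases = [
    'server clock 20 s behind'     => [$claims, $issued - 20],
    'server clock 10 min behind'   => [$claims, $issued - 600],
    'wrong audience, clock behind' => [array_merge($claims, ['aud' => 'other-app']), $issued - 600],
];
foreach ($cases as $label => [$c, $now]) {
    $errors = checkIdTokenClaims($c, $now);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'accepted', PHP_EOL;
}
```

If the "too early" rejections persist, the server's time synchronisation is the first thing to check, since the tolerance only absorbs small offsets.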