loginWithCustomerLoginJwt failing to login

[MattyyttaM]

I'm testing the token based login in /login/token/[token] that uses the loginWithcustomerLoginJwt GraphQL mutation, but I keep getting an error with message "Invalid login. Please attempt to log in again."

I've tried this on multiple stores, using the GraphQL playground, my own headless implementation and as well Catalyst.

To generate the JWT I'm using the generateCustomerLoginApiJwt function provided in customer-login-api, in both my own and cataylst headless applications, using a page route to get the token, which I can then copy and paste in for the token end point and the GraphQL playground.

I've also tried getting the timestamp from BigCommerce using the API call, just incase this was an issue.

I can provide more details as required, I'm just not really sure what the issue is as the error response is pretty vague.

[bookernath]

The most likely cause of this is clock skew; if your local system clock (or the clock where the JWT generation is happening) is out of sync, JWT validation will fail on our server side due to a timestamp mismatch. Customer Login JWTs must be used within +30 seconds from the iat, as measured by our system clock.

You might try synchronizing your clock, or as a hack just set the iat perhaps 5 seconds in the past (to ensure the token was not generated in the future from the server perspective). You can also request the BC system time from our API using /v2/time if you want to have some guarantees.

[MattyyttaM]

I've already done this, to eliminate that as an issue prior to opening this discussion, and I still get the error of not being able to login.

It doesn't help that the error from the mutation isn't clear on what exactly is wrong with the token.

Any other suggestions?