Token is older than max-age

I am trialing the Pro version of Metabase for embedding and SSO JWT into our SaaS app. I have managed to show the MB homepage in an iframe. If I navigate away after 3 minutes and back, I get "Token is older than max-age (180)".

This is the response to my request:
{"type":"clojure.lang.ExceptionInfo","message":"Token is older than max-age (180)","data":{"type":"validation","cause":"max-age","status-code":401},"at":["metabase_enterprise.sso.integrations.jwt$login_jwt_user$fn__82196","invoke","jwt.clj",80]}

In the MB log file:
2022-09-28T15:50:47+02:00 ERROR metabase-enterprise.sso.api.sso Error returning SSO entry point

We're running on AWS beanstalk with the following environment variables:
MB_DB_xxx
MB_SESSION_COOKIE_SAMESITE=None.

I'm running our web app (front and backend) on my machine so it is localhost and the JWT our backend issues only expires in 4 hours.

I am not sure where the 3 minutes / 180 seconds is coming from?

Hi @Derren

You should use the support email when using the Pro/Enterprise plans.

The login JWT token should only be valid for a few seconds (by default 180 seconds), since the login is only done in the beginning, then a session is created, which the user will use. From that point only the session is used when the user moves around in Metabase.
I'm guessing that you are including the iat parameter in the JWT, which is fine, but if you're never updating that when the user tries to re-login, then that's where your problem comes from.


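The failure described in the reply above, as an added example that is not part of the original thread and is not Metabase's code: a login JWT with a 4-hour `exp` still fails once its `iat` is more than 180 seconds old, while a token minted fresh on each SSO redirect passes. The secret, the claim set (`email`, `iat`, `exp`), the function names and the rule that the age check applies only when `iat` is present are assumptions of this simplified model.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # placeholder for the shared JWT signing key
MAX_AGE = 180                        # seconds, the value quoted in the error

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def mint_login_token(email: str, now: int, ttl: int = 60) -> str:
    """Issue an HS256 login JWT. Call on every SSO redirect; never cache it."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"email": email, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_sign(f'{header}.{body}'))}"

def check_login_token(token: str, now: int, max_age: int = MAX_AGE) -> str:
    """Model of the receiving side: signature first, then exp, then iat age."""
    try:
        header, body, sig = token.split(".")
        given, claims = _unb64(sig), json.loads(_unb64(body))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return "malformed"
    if not hmac.compare_digest(_sign(f"{header}.{body}"), given):
        return "bad signature"
    if not isinstance(claims, dict) or now >= claims.get("exp", 0):
        return "expired"
    iat = claims.get("iat")
    if isinstance(iat, int) and now - iat > max_age:
        return f"Token is older than max-age ({max_age})"
    return "ok"

if __name__ == "__main__":
    t0 = int(time.time())
    cached = mint_login_token("user@example.com", t0, ttl=4 * 3600)
    print("cached, +10s :", check_login_token(cached, t0 + 10))
    print("cached, +200s:", check_login_token(cached, t0 + 200))
    fresh = mint_login_token("user@example.com", t0 + 200)
    print("fresh,  +201s:", check_login_token(fresh, t0 + 201))
```

A long `exp` does not help here: the age check runs on `iat`, so the fix is to mint the token at redirect time rather than reuse one issued when the user first logged in to the host app.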
Thank you @flamber. Ah okay, will look into that.

Will contact support in the future.