The scenario here is an iOS app running in the background (screen is off) downloads an ID Token from an Identity provider. The id token has an “expires at” field which is a unix timestamp one hour in the future. The ID token is verified using the open source AppAuth-iOS library here.
The id token passes several checks so we know it’s valid until I reach this check:
NSTimeInterval expiresAtDifference = [idToken.expiresAt timeIntervalSinceNow];
if (expiresAtDifference < 0) {
NSError *invalidIDToken =
[OIDErrorUtilities errorWithCode:OIDErrorCodeIDTokenFailedValidationError
underlyingError:nil
description:@"ID Token expired"];
dispatch_async(dispatch_get_main_queue(), ^{
callback(nil, invalidIDToken);
});
return;
}
This check fails which means expiresAtDifference returned a negative number when comparing the system clock to the expire time which we know is one hour in the future.
I also know the phone is otherwise using network time and this check passes during normal app usage – the phone’s clock isn’t set wrong and is using timezones and daylight savings properly.
Is there any explanation for how the Apple API timeIntervalSinceNow can be wrong when an app is backgrounded / phone asleep? Can it return 0 in any edge case like a dying battery or permission problem?
I can easily reproduce this error by disabling network time and changing the phone’s clock but this isn’t the case here. I’m really baffeled by this one.
