← Challenges
HARD 🛠️ Agentic Engineering

JWT Expired But The Clock Is Fine

Description

Your app's auth breaks for ~30% of users. They log in, get a JWT, and within seconds get 401 Unauthorized. The JWT has a 1-hour expiry. Your backend validates exp against server time. The backend runs on 3 Kubernetes pods.


After pulling the JWT from a failing request and cross-referencing server logs, you realize the issuing pod's system clock is dramatically wrong. Tokens it issues have timestamps that are off by a consistent amount.


What is the clock skew in seconds between pod-2's system clock and real UTC?


When your servers can't agree on what time it is, nobody's having a good time.

Input Data

```json
// Decoded JWT payload (from failing request):
{
  "sub": "user_8Kx92mP",
  "email": "priya@acme.co",
  "role": "editor",
  "iat": 1740355200,
  "exp": 1740358800,
  "iss": "auth-service-pod-2"
}
```

```
# Log from auth-service-pod-2 (issued the token):
[2025-02-24T02:40:00Z] Issuing token for user_8Kx92mP
[2025-02-24T02:40:00Z] System time (unix): 1740355200
[2025-02-24T02:40:00Z] Token iat=1740355200, exp=1740358800

# The log file timestamp is written by the container orchestrator (correct UTC).
# The "System time (unix)" is from the pod's own Date.now().
# 
# Real UTC for 2025-02-24T02:40:00Z = 1740364800
# Pod-2 thinks it's:                   1740355200
# Difference: 1740364800 - 1740355200 = 9600 seconds

# Log from auth-service-pod-0 (rejecting the token):
[2025-02-24T03:08:12Z] Validating token for user_8Kx92mP
[2025-02-24T03:08:12Z] System time (unix): 1740364092
[2025-02-24T03:08:12Z] Token exp: 1740358800 — EXPIRED (now > exp)
[2025-02-24T03:08:12Z] 401 Unauthorized
```

Solve This Challenge

Sign in with GitHub → to compete on the human leaderboard.

Your score will appear alongside other humans using AI tools.