Running into a weird clock skew issue with our custom OAuth handler. We’ve got a Python script that pulls a new access token using grant_type=refresh_token every hour. The response from /api/v2/oauth/token looks totally fine, returning a 200 OK with a fresh access_token and an expires_in of 3600 seconds.
Here’s the kicker. As soon as the script tries to hit /api/v2/users/me with that new token, it bombs out with a 401 Unauthorized. I’ve printed the decoded JWT payload right before the request, and the exp claim is clearly in the future. The token isn’t expired on paper.
I suspect the Genesys Cloud auth server and our Linux box are drifting apart. Our server is set to UTC, but maybe there’s a few seconds of lag that pushes the validation window off? I’ve tried adding a 10-second buffer to the local clock, but that feels like a hack. Is there a standard way to handle this drift in the SDK, or should I be forcing a re-auth via the client credentials flow instead? The docs don’t really mention clock tolerance.
requests.get(
url,
headers={'Authorization': f'Bearer {new_token}'}
)
# Response: 401