We’ve got a Node.js service hitting the Genesys Cloud /api/v2/users/me endpoint that started failing with 401 Unauthorized errors right after the access token expires and the refresh logic kicks in. The refresh flow itself returns a 200 OK from /api/v2/oauth/token, and the new access_token looks valid in the logs. I’m using the @genesyscloud/node-sdk and the AuthProvider handles the refresh automatically, so there’s no manual token swapping happening in our code. The issue seems to be that the servers have a slight clock skew. Our app server is synced via NTP but is running about 45 seconds ahead of the Genesys auth service. The JWT exp claim is calculated based on our local time, which means the token is technically ‘expired’ from Genesys’ perspective the moment they receive it, even though we just got it.
I tried adding a clockTolerance or similar offset in the SDK config, but I can’t find a property to adjust the token validation window or the refresh trigger threshold. Is there a way to force the SDK to refresh the token slightly earlier, say 60 seconds before expiration, to account for the skew? Or do I need to bypass the SDK’s built-in refresh and implement a custom interceptor that checks the exp claim against a trusted time source before making the request? Here’s the relevant config snippet:
const client = new PlatformClient({
clientId: process.env.GENESYS_CLIENT_ID,
clientSecret: process.env.GENESYS_CLIENT_SECRET
});
The logs show the token is refreshed at 10:00:00, but the API call at 10:00:01 fails with 401: Token expired.