An Android application uses the
getToken(Context context, Account account, String scope) function from GoogleAuthUtil. The backend server has a number of situations where the token is not valid. In particular:
- Tokens are signed with a key (kid) which is not a valid key for any of the published Google certificates on any of www.googleapis.com/oauth2/v1/certs, /oauth2/v2/certs and /oauth2/v3/certs
- The “exp” parameter is pointing to Sun 18 January 1970.
It happens to real users, with real devices and with correct date set.
Does anyone know what’s going wrong and how come that GoogleAuthUtil.getToken() sometimes returns invalid token?
P.S. I’m new here, sorry if I do something wrong in this discussion group.