This indicates that a signed token request, sent to Ably to request a token, is too old. The timestamp checks within the Ably service ensures that a signed token request can only be used for a limited time period thus limiting the possibility of a token request being intercepted and used later by the unintended client.
Things you should check which may be causing this problem:
- The local time of the auth server generating the signed token request (in some cases this can be the original client if it is generating its own tokens) is correct. If you are unable to ensure your server's clock is in sync, then you should set the queryTime ClientOptions attribute to true when instancing the Ably client library on your server. This will ensure Ably's server time is used for all signed token requests created.
- You should not cache the signed token requests you send to clients. Each token request must be unique.
- Check that your client is obtaining a new token request each time the authCallback or authUrl is being used. We have often seen customers mistakenly cache the token request between authCallback calls.
If you've gone through the list above and are still getting this error, try to get a debug-level log of the generation of a token request, and contact us for more help.