This indicates that a signed token request, sent to Ably to request a token, is too old. The timestamp checks within the Ably service ensures that a signed token request can only be used for a limited time period thus limiting the possibility of a token request being intercepted and used later by the unintended client.
Things you should check which may be causing this problem:
- The local time of the auth server generating the signed token request (in some cases this can be the original client if it is generating its own tokens) is correct. If you are unable to ensure your server's clock is in sync, then you should set the queryTime ClientOptions attribute to true when instancing the Ably client library on your server. This will ensure Ably's server time is used for all signed token requests created.
- You should not cache the signed token requests you send to clients, either on your auth server or on the client. Each token request must be used once, and must be used ~immediately. That means that every time the SDK calls the authCallback or makes a request to the authUrl, it expects to get a fresh token request (or token), newly generated by your auth server, specifically for that client.
If you've gone through the list above and are still getting this error, try to get a debug-level log of the generation of a token request, and contact us for more help.