MFI Technology MFI Home

Get In Touch

Prefer using email? Say hi at

Fixing system clock drift on WSL2

Our Issue

We have been running into invalid iat’s (issued-at time) on our Google Oauth 2 JWT’s in an internal Rails app when testing locally via WSL2. There are also plenty of reports of people getting something similar on stackoverflow and Github issues. Many of the proposed solutions involved setting the skip-jwt flag to true on our google_oauth2 integration, but this seemed uneccesary since our application worked fine in production and most of the time when testing locally. Having an incorrect system time can cause all sorts of problems with some of the most common security protocols, so even if a code tweak would ‘fix’ our app it would not solve the underlying problem.

At MovementForward, all of our development is done on Windows 10 computers with Docker and Ubuntu running on WSL2. While investigating the time drift, I found a solution to the issue on github:

It looks like this is a bug within WSL2 involving the way the clock in WSL2 runs during sleep and is being actively worked on.

To correct your clock, just use sudo hwclock -s within the linux terminal or wsl --shutdown from CMD/powershell to force WSL2 to restart on your next session.