In a JWT token the "nbf" (Not Before) Claim is date/time sensitive. The OS date/time is used to verify the validity of the Claim.
When logging in using the Kubernetes Auth method and presenting a valid JWT token, an error indicating that the JWT token is not yet valid is returned.
URL: PUT https://127.0.0.1:8200/v1/auth/k8/login Code: 403. Errors: * invalid not before (nbf) claim: token not yet valid
Using a JWT decoder, for example jwt.io, it is determined that the JWT token does have a valid "not before (nbf) claim".
The date/time on the server and client appear to be correct when doing a basic check using the "date" command. However, on finer inspection it is discovered that the time is not fully synchronised utilising NTP or other appropriate time synchronisation method, as is recommended in the Vault Production Hardening guidelines under the sub-heading of Synchronized Clocks.
Ensure that a suitable time synchronisation system, for example NTP, is configured to ensure correct and consistent time synchronisation across servers and clients.
With time fully synchronised in the environment the JWT token login is successful.