torusresearch · himanshuchawla009 · Mar 5, 2024 · Mar 4, 2024 · Mar 4, 2024 · Mar 4, 2024
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -45,6 +45,7 @@
     "@types/json-stable-stringify": "^1.0.36",
     "@types/jsonwebtoken": "^9.0.5",
     "@types/mocha": "^10.0.6",
+    "@types/sinon": "^17.0.3",
     "chai": "^4.3.10",
     "cross-env": "^7.0.3",
     "dotenv": "^16.3.1",
@@ -56,6 +57,7 @@
     "mocha": "^10.2.0",
     "prettier": "^3.1.0",
     "rimraf": "^5.0.5",
+    "sinon": "^17.0.1",
     "ts-node": "^10.9.1",
     "typescript": "^5.3.2"
   },

diff --git a/src/helpers/common.ts b/src/helpers/common.ts
@@ -1,7 +1,7 @@
 import { Ecies } from "@toruslabs/eccrypto";
 import JsonStringify from "json-stable-stringify";
 
-import { EciesHex, VerifierLookupResponse } from "../interfaces";
+import { EciesHex, LegacyVerifierLookupResponse, VerifierLookupResponse } from "../interfaces";
 
 // this function normalizes the result from nodes before passing the result to threshold check function
 // For ex: some fields returns by nodes might be different from each other
@@ -25,6 +25,26 @@ export const normalizeKeysResult = (result: VerifierLookupResponse) => {
   return finalResult;
 };
 
+// this function normalizes the result from nodes before passing the result to threshold check function
+// For ex: some fields returns by nodes might be different from each other
+// like key_index which may differ on sapphire_network for each queried node
+export const normalizeLegacyKeysResult = (result: LegacyVerifierLookupResponse) => {
+  const finalResult: Pick<LegacyVerifierLookupResponse, "keys"> = {
+    keys: [],
+  };
+  if (result && result.keys && result.keys.length > 0) {
+    const finalKey = result.keys[0];
+    finalResult.keys = [
+      {
+        pub_key_X: finalKey.pub_key_X,
+        pub_key_Y: finalKey.pub_key_Y,
+        address: finalKey.address,
+      },
+    ];
+  }
+  return finalResult;
+};
+
 export const kCombinations = (s: number | number[], k: number): number[][] => {
   let set = s;
   if (typeof set === "number") {

diff --git a/src/helpers/nodeUtils.ts b/src/helpers/nodeUtils.ts
@@ -27,7 +27,7 @@ import {
 } from "../interfaces";
 import log from "../loglevel";
 import { Some } from "../some";
-import { kCombinations, normalizeKeysResult, thresholdSame } from "./common";
+import { kCombinations, normalizeKeysResult, normalizeLegacyKeysResult, thresholdSame } from "./common";
 import { generateAddressFromPrivKey, generateAddressFromPubKey, keccak256 } from "./keyUtils";
 import { lagrangeInterpolation } from "./langrangeInterpolatePoly";
 import { decryptNodeData, getMetadata, getOrSetNonce } from "./metadataUtils";
@@ -50,6 +50,7 @@ export const GetPubKeyOrKeyAssign = async (params: {
         extended_verifier_id: extendedVerifierId,
         one_key_flow: true,
         fetch_node_index: true,
+        client_time: Math.floor(Date.now() / 1000).toString(),
       }),
       null,
       { logTracingHeader: config.logRequestTracing }
@@ -92,6 +93,7 @@ export const GetPubKeyOrKeyAssign = async (params: {
       }
     }
 
+    const serverTimeOffsets: number[] = [];
     // nonceResult must exist except for extendedVerifierId and legacy networks along with keyResult
     if ((keyResult && (nonceResult || extendedVerifierId || LEGACY_NETWORKS_ROUTE_MAP[network as TORUS_LEGACY_NETWORK_TYPE])) || errorResult) {
       if (keyResult) {
@@ -105,10 +107,14 @@ export const GetPubKeyOrKeyAssign = async (params: {
               const nodeIndex = parseInt(x1.result.node_index);
               if (nodeIndex) nodeIndexes.push(nodeIndex);
             }
+            const serverTimeOffset = x1.result.server_time_offset ? parseInt(x1.result.server_time_offset, 10) : 0;
+            serverTimeOffsets.push(serverTimeOffset);
           }
         });
       }
-      return Promise.resolve({ keyResult, nodeIndexes, errorResult, nonceResult });
+
+      const serverTimeOffset = Math.max(...serverTimeOffsets);
+      return Promise.resolve({ keyResult, serverTimeOffset, nodeIndexes, errorResult, nonceResult });
     }
     return Promise.reject(
       new Error(
@@ -139,7 +145,6 @@ export async function retrieveOrImportShare(params: {
 }): Promise<TorusKey> {
   const {
     legacyMetadataHost,
-    serverTimeOffset,
     enableOneKey,
     ecCurve,
     allowHost,
@@ -151,6 +156,7 @@ export async function retrieveOrImportShare(params: {
     idToken,
     importedShares,
     extraParams,
+    serverTimeOffset,
   } = params;
   await get<void>(
     allowHost,
@@ -285,6 +291,7 @@ export async function retrieveOrImportShare(params: {
                 },
               ],
               one_key_flow: true,
+              client_time: Math.floor(Date.now() / 1000).toString(),
             }),
             null,
             { logTracingHeader: config.logRequestTracing }
@@ -306,6 +313,7 @@ export async function retrieveOrImportShare(params: {
                   ...extraParams,
                 },
               ],
+              client_time: Math.floor(Date.now() / 1000).toString(),
               one_key_flow: true,
             }),
             null,
@@ -317,7 +325,14 @@ export async function retrieveOrImportShare(params: {
       let thresholdNonceData: GetOrSetNonceResult;
       return Some<
         void | JRPCResponse<ShareRequestResult>,
-        | { privateKey: BN; sessionTokenData: SessionToken[]; thresholdNonceData: GetOrSetNonceResult; nodeIndexes: BN[]; isNewKey: boolean }
+        | {
+            privateKey: BN;
+            sessionTokenData: SessionToken[];
+            thresholdNonceData: GetOrSetNonceResult;
+            nodeIndexes: BN[];
+            isNewKey: boolean;
+            serverTimeOffsetResponse?: number;
+          }
         | undefined
       >(promiseArrRequest, async (shareResponses, sharedState) => {
         // check if threshold number of nodes have returned the same user public key
@@ -377,6 +392,7 @@ export async function retrieveOrImportShare(params: {
           const nodeIndexes: BN[] = [];
           const sessionTokenData: SessionToken[] = [];
           const isNewKeyResponses: string[] = [];
+          const serverTimeOffsetResponses: string[] = [];
 
           for (let i = 0; i < completedRequests.length; i += 1) {
             const currentShareResponse = completedRequests[i] as JRPCResponse<ShareRequestResult>;
@@ -387,9 +403,11 @@ export async function retrieveOrImportShare(params: {
               session_token_sig_metadata: sessionTokenSigMetadata,
               keys,
               is_new_key: isNewKey,
+              server_time_offset: serverTimeOffsetResponse,
             } = currentShareResponse.result;
 
             isNewKeyResponses.push(isNewKey);
+            serverTimeOffsetResponses.push(serverTimeOffsetResponse);
 
             if (sessionTokenSigs?.length > 0) {
               // decrypt sessionSig if enc metadata is sent
@@ -513,13 +531,22 @@ export async function retrieveOrImportShare(params: {
           }
           const thresholdIsNewKey = thresholdSame(isNewKeyResponses, ~~(endpoints.length / 2) + 1);
 
-          return { privateKey, sessionTokenData, thresholdNonceData, nodeIndexes, isNewKey: thresholdIsNewKey === "true" };
+          // Convert each string timestamp to a number
+          const serverOffsetTimes = serverTimeOffsetResponses.map((timestamp) => parseInt(timestamp, 10));
+          return {
+            privateKey,
+            sessionTokenData,
+            thresholdNonceData,
+            nodeIndexes,
+            isNewKey: thresholdIsNewKey === "true",
+            serverTimeOffsetResponse: serverTimeOffset || Math.max(...serverOffsetTimes),
+          };
         }
         throw new Error("Invalid");
       });
     })
     .then(async (res) => {
-      const { privateKey, sessionTokenData, thresholdNonceData, nodeIndexes, isNewKey } = res;
+      const { privateKey, sessionTokenData, thresholdNonceData, nodeIndexes, isNewKey, serverTimeOffsetResponse } = res;
       let nonceResult = thresholdNonceData;
       if (!privateKey) throw new Error("Invalid private key returned");
       const oAuthKey = privateKey;
@@ -538,7 +565,7 @@ export async function retrieveOrImportShare(params: {
         finalPubKey = ecCurve.keyFromPublic({ x: oAuthPubkeyX, y: oAuthPubkeyY }).getPublic();
       } else if (LEGACY_NETWORKS_ROUTE_MAP[network as TORUS_LEGACY_NETWORK_TYPE]) {
         if (enableOneKey) {
-          nonceResult = await getOrSetNonce(legacyMetadataHost, ecCurve, serverTimeOffset, oAuthPubkeyX, oAuthPubkeyY, oAuthKey, !isNewKey);
+          nonceResult = await getOrSetNonce(legacyMetadataHost, ecCurve, serverTimeOffsetResponse, oAuthPubkeyX, oAuthPubkeyY, oAuthKey, !isNewKey);
           metadataNonce = new BN(nonceResult.nonce || "0", 16);
           typeOfUser = nonceResult.typeOfUser;
           if (typeOfUser === "v2") {
@@ -621,6 +648,7 @@ export async function retrieveOrImportShare(params: {
           nonce: metadataNonce,
           typeOfUser,
           upgraded: isUpgraded,
+          serverTimeOffset: serverTimeOffsetResponse,
         },
         nodesData: {
           nodeIndexes: nodeIndexes.map((x) => x.toNumber()),
@@ -636,6 +664,7 @@ export const legacyKeyLookup = async (endpoints: string[], verifier: string, ver
       generateJsonRPCObject("VerifierLookupRequest", {
         verifier,
         verifier_id: verifierId.toString(),
+        client_time: Math.floor(Date.now() / 1000).toString(),
       })
     ).catch((err) => log.error("lookup request failed", err))
   );
@@ -646,11 +675,25 @@ export const legacyKeyLookup = async (endpoints: string[], verifier: string, ver
       ~~(endpoints.length / 2) + 1
     );
     const keyResult = thresholdSame(
-      lookupShares.map((x3) => x3 && x3.result),
+      lookupShares.map((x3) => x3 && normalizeLegacyKeysResult(x3.result)),
       ~~(endpoints.length / 2) + 1
     );
+
+    const serverTimeOffsets: number[] = [];
+    // nonceResult must exist except for extendedVerifierId and legacy networks along with keyResult
+    if (keyResult) {
+      lookupResults.forEach((x1) => {
+        if (x1 && x1.result) {
+          const timeOffSet = x1.result.server_time_offset;
+          const serverTimeOffset = timeOffSet ? parseInt(timeOffSet, 10) : 0;
+          serverTimeOffsets.push(serverTimeOffset);
+        }
+      });
+    }
+
+    const serverTimeOffset = Math.max(...serverTimeOffsets);
     if (keyResult || errorResult) {
-      return Promise.resolve({ keyResult, errorResult });
+      return Promise.resolve({ keyResult, errorResult, serverTimeOffset });
     }
     return Promise.reject(new Error(`invalid results ${JSON.stringify(lookupResults)}`));
   });

diff --git a/src/interfaces.ts b/src/interfaces.ts
@@ -39,6 +39,7 @@ export interface TorusCtorOptions {
 
 export interface LegacyVerifierLookupResponse {
   keys: { pub_key_X: string; pub_key_Y: string; address: string }[];
+  server_time_offset?: string;
 }
 
 export interface VerifierLookupResponse {
@@ -51,6 +52,7 @@ export interface VerifierLookupResponse {
   }[];
   is_new_key: boolean;
   node_index: string;
+  server_time_offset?: string;
 }
 
 export interface CommitmentRequestResult {
@@ -73,13 +75,15 @@ export interface JRPCResponse<T> {
 }
 
 export interface LegacyKeyLookupResult {
-  keyResult: Pick<LegacyVerifierLookupResponse, "keys">;
+  keyResult: Pick<LegacyVerifierLookupResponse, "keys" | "server_time_offset">;
   errorResult: JRPCResponse<LegacyVerifierLookupResponse>["error"];
+  serverTimeOffset: number;
 }
 
 export interface KeyLookupResult {
   keyResult: Pick<VerifierLookupResponse, "keys" | "is_new_key">;
   nodeIndexes: number[];
+  serverTimeOffset: number;
   errorResult: JRPCResponse<VerifierLookupResponse>["error"];
   nonceResult?: GetOrSetNonceResult;
 }
@@ -134,6 +138,7 @@ export interface KeyAssignment {
 
 export interface LegacyShareRequestResult {
   keys: LegacyKeyAssignment[];
+  server_time_offset?: string;
 }
 
 export interface ShareRequestResult {
@@ -147,6 +152,7 @@ export interface ShareRequestResult {
   node_pubx: string;
   node_puby: string;
   is_new_key: string;
+  server_time_offset?: string;
 }
 
 export interface ImportedShare {
@@ -183,6 +189,7 @@ export interface TorusPublicKey {
     nonce?: BN;
     typeOfUser: UserType;
     upgraded: boolean | null;
+    serverTimeOffset: number;
   };
   nodesData: {
     nodeIndexes: number[];

diff --git a/src/torus.ts b/src/torus.ts
@@ -252,6 +252,8 @@ class Torus {
     return this.getLegacyPublicAddress(endpoints, torusNodePubs, { verifier, verifierId }, true);
   }
 
+  // this function is soon going to be deprecated
+  // this is only supported in celeste network currently.
   private async legacyRetrieveShares(
     endpoints: string[],
     indexes: number[],
@@ -356,12 +358,19 @@ class Torus {
             endpoints[i],
             generateJsonRPCObject("ShareRequest", {
               encrypted: "yes",
+              client_time: Math.floor(Date.now() / 1000).toString(),
               item: [{ ...verifierParams, idtoken: idToken, nodesignatures: nodeSigs, verifieridentifier: verifier, ...extraParams }],
             })
           ).catch((err) => log.error("share req", err));
           promiseArrRequest.push(p);
         }
-        return Some<void | JRPCResponse<LegacyShareRequestResult>, BN | undefined>(promiseArrRequest, async (shareResponses, sharedState) => {
+        return Some<
+          void | JRPCResponse<LegacyShareRequestResult>,
+          {
+            privateKey: BN | undefined;
+            serverTimeOffset: number;
+          }
+        >(promiseArrRequest, async (shareResponses, sharedState) => {
           /*
               ShareRequestResult struct {
                 Keys []KeyAssignment
@@ -391,8 +400,12 @@ class Torus {
           if (completedRequests.length >= ~~(endpoints.length / 2) + 1 && thresholdPublicKey) {
             const sharePromises: Promise<void | Buffer>[] = [];
             const nodeIndexes: BN[] = [];
+            const serverTimeOffsets: number[] = [];
             for (let i = 0; i < shareResponses.length; i += 1) {
               const currentShareResponse = shareResponses[i] as JRPCResponse<LegacyShareRequestResult>;
+              const timeOffSet = currentShareResponse?.result?.server_time_offset;
+              const parsedTimeOffset = timeOffSet ? parseInt(timeOffSet, 10) : 0;
+              serverTimeOffsets.push(parsedTimeOffset);
               if (currentShareResponse?.result?.keys?.length > 0) {
                 currentShareResponse.result.keys.sort((a, b) => new BN(a.Index, 16).cmp(new BN(b.Index, 16)));
                 const firstKey = currentShareResponse.result.keys[0];
@@ -451,13 +464,15 @@ class Torus {
             if (privateKey === undefined || privateKey === null) {
               throw new Error("could not derive private key");
             }
-            return privateKey;
+            return { privateKey, serverTimeOffset: this.serverTimeOffset || Math.max(...serverTimeOffsets) };
           }
           throw new Error("invalid");
         });
       })
-      .then(async (returnedKey) => {
-        const oAuthKey = returnedKey;
+      .then(async (keyData) => {
+        const { serverTimeOffset, privateKey: returnedOauthKey } = keyData;
+        const oAuthKey = returnedOauthKey;
+
         if (!oAuthKey) throw new Error("Invalid private key returned");
         const oAuthPubKey = getPublic(Buffer.from(oAuthKey.toString(16, 64), "hex")).toString("hex");
         const oAuthKeyX = oAuthPubKey.slice(2, 66);
@@ -467,7 +482,7 @@ class Torus {
         let typeOfUser: UserType = "v1";
         let pubKeyNonceResult: { X: string; Y: string } | undefined;
         if (this.enableOneKey) {
-          const nonceResult = await getNonce(this.legacyMetadataHost, this.ec, this.serverTimeOffset, oAuthKeyX, oAuthKeyY, oAuthKey);
+          const nonceResult = await getNonce(this.legacyMetadataHost, this.ec, serverTimeOffset, oAuthKeyX, oAuthKeyY, oAuthKey);
           metadataNonce = new BN(nonceResult.nonce || "0", 16);
           typeOfUser = nonceResult.typeOfUser;
           if (typeOfUser === "v2") {
@@ -539,6 +554,7 @@ class Torus {
             nonce: metadataNonce,
             typeOfUser: typeOfUser as UserType,
             upgraded: isUpgraded,
+            serverTimeOffset,
           },
           nodesData: {
             nodeIndexes: [],
@@ -556,7 +572,7 @@ class Torus {
     let finalKeyResult: LegacyVerifierLookupResponse | undefined;
     let isNewKey = false;
 
-    const { keyResult, errorResult } = (await legacyKeyLookup(endpoints, verifier, verifierId)) || {};
+    const { keyResult, errorResult, serverTimeOffset } = (await legacyKeyLookup(endpoints, verifier, verifierId)) || {};
     if (errorResult && JSON.stringify(errorResult).includes("Verifier not supported")) {
       // change error msg
       throw new Error(`Verifier not supported. Check if you: \n
@@ -582,12 +598,13 @@ class Torus {
     } else {
       throw new Error(`node results do not match at first lookup ${JSON.stringify(keyResult || {})}, ${JSON.stringify(errorResult || {})}`);
     }
-
     if (finalKeyResult) {
+      const finalServerTimeOffset = this.serverTimeOffset || serverTimeOffset;
       return this.formatLegacyPublicKeyData({
         finalKeyResult,
         isNewKey,
         enableOneKey,
+        serverTimeOffset: finalServerTimeOffset,
       });
     }
     throw new Error(`node results do not match at final lookup ${JSON.stringify(keyResult || {})}, ${JSON.stringify(errorResult || {})}`);
@@ -624,7 +641,8 @@ class Torus {
       verifierId,
       extendedVerifierId,
     });
-    const { errorResult, keyResult, nodeIndexes = [] } = keyAssignResult;
+    const { errorResult, keyResult, nodeIndexes = [], serverTimeOffset } = keyAssignResult;
+    const finalServerTimeOffset = this.serverTimeOffset || serverTimeOffset;
     const { nonceResult } = keyAssignResult;
     if (errorResult && JSON.stringify(errorResult).toLowerCase().includes("verifier not supported")) {
       // change error msg
@@ -659,6 +677,7 @@ class Torus {
         finalKeyResult: {
           keys: keyResult.keys,
         },
+        serverTimeOffset: finalServerTimeOffset,
       });
     } else {
       const v2NonceResult = nonceResult as v2NonceResultType;
@@ -700,6 +719,7 @@ class Torus {
         nonce,
         upgraded: (nonceResult as v2NonceResultType)?.upgraded || false,
         typeOfUser: "v2",
+        serverTimeOffset: finalServerTimeOffset,
       },
       nodesData: {
         nodeIndexes,
@@ -711,8 +731,9 @@ class Torus {
     finalKeyResult: LegacyVerifierLookupResponse;
     enableOneKey: boolean;
     isNewKey: boolean;
+    serverTimeOffset: number;
   }): Promise<TorusPublicKey> {
-    const { finalKeyResult, enableOneKey, isNewKey } = params;
+    const { finalKeyResult, enableOneKey, isNewKey, serverTimeOffset } = params;
     const { pub_key_X: X, pub_key_Y: Y } = finalKeyResult.keys[0];
     let nonceResult: GetOrSetNonceResult;
     let nonce: BN;
@@ -722,9 +743,10 @@ class Torus {
 
     const oAuthPubKey = this.ec.keyFromPublic({ x: X, y: Y }).getPublic();
 
+    const finalServerTimeOffset = this.serverTimeOffset || serverTimeOffset;
     if (enableOneKey) {
       try {
-        nonceResult = await getOrSetNonce(this.legacyMetadataHost, this.ec, this.serverTimeOffset, X, Y, undefined, !isNewKey);
+        nonceResult = await getOrSetNonce(this.legacyMetadataHost, this.ec, finalServerTimeOffset, X, Y, undefined, !isNewKey);
         nonce = new BN(nonceResult.nonce || "0", 16);
         typeOfUser = nonceResult.typeOfUser;
       } catch {
@@ -783,6 +805,7 @@ class Torus {
         nonce,
         upgraded: (nonceResult as v2NonceResultType)?.upgraded || false,
         typeOfUser,
+        serverTimeOffset: finalServerTimeOffset,
       },
       nodesData: {
         nodeIndexes: [],

diff --git a/test/aqua.test.ts b/test/aqua.test.ts
@@ -29,6 +29,8 @@ describe("torus utils aqua", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0xDfA967285AC699A70DA340F60d00DB19A272639d");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0xDfA967285AC699A70DA340F60d00DB19A272639d",
@@ -56,6 +58,8 @@ describe("torus utils aqua", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result1 = (await torus.getUserTypeAndAddress(torusNodeEndpoints, torusNodePub, verifierDetails)) as TorusPublicKey;
     expect(result1.metadata.typeOfUser).to.equal("v2");
+    delete result1.metadata.serverTimeOffset;
+
     expect(result1).eql({
       oAuthKeyData: {
         evmAddress: "0xDfA967285AC699A70DA340F60d00DB19A272639d",
@@ -87,6 +91,8 @@ describe("torus utils aqua", function () {
       verifierId: v2TestEmail,
     })) as TorusPublicKey;
     expect(result2.metadata.typeOfUser).to.equal("v2");
+    delete result2.metadata.serverTimeOffset;
+
     expect(result2).eql({
       oAuthKeyData: {
         evmAddress: "0x4ea5260fF85678A2a326D08DF9C44d1f559a5828",
@@ -116,6 +122,8 @@ describe("torus utils aqua", function () {
       verifier: v2Verifier,
       verifierId: v2nTestEmail,
     })) as TorusPublicKey;
+    delete result3.metadata.serverTimeOffset;
+
     expect(result3.metadata.typeOfUser).to.equal("v2");
     expect(result3).eql({
       oAuthKeyData: {
@@ -161,6 +169,8 @@ describe("torus utils aqua", function () {
     const { torusNodeEndpoints, torusIndexes } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.retrieveShares(torusNodeEndpoints, torusIndexes, TORUS_TEST_VERIFIER, { verifier_id: TORUS_TEST_EMAIL }, token);
     expect(result.finalKeyData.privKey).to.be.equal("f726ce4ac79ae4475d72633c94769a8817aff35eebe2d4790aed7b5d8a84aa1d");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       finalKeyData: {
         evmAddress: "0x9EBE51e49d8e201b40cAA4405f5E0B86d9D27195",
@@ -196,6 +206,7 @@ describe("torus utils aqua", function () {
       },
       hashedIdToken.substring(2)
     );
+    delete result.metadata.serverTimeOffset;
 
     expect(result.oAuthKeyData.evmAddress).to.be.equal("0x5b58d8a16fDA79172cd42Dc3068d5CEf26a5C81D");
     expect(result.finalKeyData.evmAddress).to.be.equal("0x5b58d8a16fDA79172cd42Dc3068d5CEf26a5C81D");

diff --git a/test/celeste.test.ts b/test/celeste.test.ts
@@ -29,6 +29,8 @@ describe("torus utils celeste", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0xeC80FB9aB308Be1789Bd3f9317962D5505A4A242");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0xeC80FB9aB308Be1789Bd3f9317962D5505A4A242",
@@ -57,6 +59,8 @@ describe("torus utils celeste", function () {
     const result1 = await torus.getUserTypeAndAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result1.finalKeyData.evmAddress).to.equal("0xeC80FB9aB308Be1789Bd3f9317962D5505A4A242");
     expect(result1.metadata.typeOfUser).to.equal("v1");
+    delete result1.metadata.serverTimeOffset;
+
     expect(result1).eql({
       oAuthKeyData: {
         evmAddress: "0xeC80FB9aB308Be1789Bd3f9317962D5505A4A242",
@@ -86,6 +90,8 @@ describe("torus utils celeste", function () {
     });
     expect(result2.finalKeyData.evmAddress).to.equal("0x69fB3A96016817F698a1279aE2d65F3916F3Db6F");
     expect(result2.metadata.typeOfUser).to.equal("v1");
+    delete result2.metadata.serverTimeOffset;
+
     expect(result2).eql({
       oAuthKeyData: {
         evmAddress: "0x69fB3A96016817F698a1279aE2d65F3916F3Db6F",
@@ -112,6 +118,8 @@ describe("torus utils celeste", function () {
       verifier: v2Verifier,
       verifierId: v2nTestEmail,
     });
+    delete result3.metadata.serverTimeOffset;
+
     expect(result3.finalKeyData.evmAddress).to.equal("0x24aCac36F8A4bD93052207dA410dA71AF92258b7");
     expect(result3.metadata.typeOfUser).to.equal("v1");
     expect(result3).eql({
@@ -155,6 +163,8 @@ describe("torus utils celeste", function () {
     const { torusNodeEndpoints, torusIndexes } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.retrieveShares(torusNodeEndpoints, torusIndexes, TORUS_TEST_VERIFIER, { verifier_id: TORUS_TEST_EMAIL }, token);
     expect(result.finalKeyData.privKey).to.be.equal("0ae056aa938080c9e8bf6641261619e09fd510c91bb5aad14b0de9742085a914");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       finalKeyData: {
         evmAddress: "0x58420FB83971C4490D8c9B091f8bfC890D716617",
@@ -190,6 +200,8 @@ describe("torus utils celeste", function () {
       },
       hashedIdToken.substring(2)
     );
+    delete result.metadata.serverTimeOffset;
+
     expect(result.oAuthKeyData.evmAddress).to.be.equal("0x535Eb1AefFAc6f699A2a1A5846482d7b5b2BD564");
     expect(result.finalKeyData.evmAddress).to.be.equal("0x535Eb1AefFAc6f699A2a1A5846482d7b5b2BD564");
     expect(result).eql({

diff --git a/test/cyan.test.ts b/test/cyan.test.ts
@@ -29,6 +29,8 @@ describe("torus utils cyan", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0xA3767911A84bE6907f26C572bc89426dDdDB2825");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0xA3767911A84bE6907f26C572bc89426dDdDB2825",
@@ -57,6 +59,8 @@ describe("torus utils cyan", function () {
     const result1 = await torus.getUserTypeAndAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result1.finalKeyData.evmAddress).to.equal("0x3507F0d192a44E436B8a6C32a37d57D022861b1a");
     expect(result1.metadata.typeOfUser).to.equal("v2");
+    delete result1.metadata.serverTimeOffset;
+
     expect(result1).eql({
       oAuthKeyData: {
         evmAddress: "0xA3767911A84bE6907f26C572bc89426dDdDB2825",
@@ -87,6 +91,8 @@ describe("torus utils cyan", function () {
       verifier: v2Verifier,
       verifierId: v2TestEmail,
     });
+    delete result2.metadata.serverTimeOffset;
+
     expect(result2.finalKeyData.evmAddress).to.equal("0x8EA83Ace86EB414747F2b23f03C38A34E0217814");
     expect(result2.metadata.typeOfUser).to.equal("v2");
     expect(result2).eql({
@@ -117,6 +123,8 @@ describe("torus utils cyan", function () {
       verifier: v2Verifier,
       verifierId: v2nTestEmail,
     });
+    delete result3.metadata.serverTimeOffset;
+
     expect(result3.finalKeyData.evmAddress).to.equal("0xCC1f953f6972a9e3d685d260399D6B85E2117561");
     expect(result3.metadata.typeOfUser).to.equal("v2");
     expect(result3).eql({
@@ -163,6 +171,8 @@ describe("torus utils cyan", function () {
     const { torusNodeEndpoints, torusIndexes } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.retrieveShares(torusNodeEndpoints, torusIndexes, TORUS_TEST_VERIFIER, { verifier_id: TORUS_TEST_EMAIL }, token);
     delete result.sessionData;
+    delete result.metadata.serverTimeOffset;
+
     expect(result.finalKeyData.privKey).to.be.equal("5db51619684b32a2ff2375b4c03459d936179dfba401cb1c176b621e8a2e4ac8");
     expect(result).eql({
       finalKeyData: {
@@ -199,6 +209,7 @@ describe("torus utils cyan", function () {
       hashedIdToken.substring(2)
     );
     delete result.sessionData;
+    delete result.metadata.serverTimeOffset;
 
     expect(result.oAuthKeyData.evmAddress).to.be.equal("0x34117FDFEFBf1ad2DFA6d4c43804E6C710a6fB04");
     expect(result.finalKeyData.evmAddress).to.be.equal("0x34117FDFEFBf1ad2DFA6d4c43804E6C710a6fB04");

diff --git a/test/mainnet.test.ts b/test/mainnet.test.ts
@@ -29,6 +29,8 @@ describe("torus utils mainnet", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0x0C44AFBb5395a9e8d28DF18e1326aa0F16b9572A");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0x0C44AFBb5395a9e8d28DF18e1326aa0F16b9572A",
@@ -56,6 +58,8 @@ describe("torus utils mainnet", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result1 = await torus.getUserTypeAndAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result1.metadata.typeOfUser).to.equal("v2");
+    delete result1.metadata.serverTimeOffset;
+
     expect(result1).eql({
       oAuthKeyData: {
         evmAddress: "0x0C44AFBb5395a9e8d28DF18e1326aa0F16b9572A",
@@ -86,6 +90,8 @@ describe("torus utils mainnet", function () {
       verifier: v2Verifier,
       verifierId: v2TestEmail,
     });
+    delete result2.metadata.serverTimeOffset;
+
     expect(result2.finalKeyData.evmAddress).to.equal("0xFf669A15bFFcf32D3C5B40bE9E5d409d60D43526");
     expect(result2.metadata.typeOfUser).to.equal("v2");
     expect(result2).eql({
@@ -117,6 +123,8 @@ describe("torus utils mainnet", function () {
       verifier: v2Verifier,
       verifierId: v2nTestEmail,
     });
+    delete result3.metadata.serverTimeOffset;
+
     expect(result3.metadata.typeOfUser).to.equal("v2");
     expect(result3).eql({
       oAuthKeyData: {
@@ -164,6 +172,7 @@ describe("torus utils mainnet", function () {
     const { torusNodeEndpoints, torusIndexes } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.retrieveShares(torusNodeEndpoints, torusIndexes, TORUS_TEST_VERIFIER, { verifier_id: TORUS_TEST_EMAIL }, token);
     delete result.sessionData;
+    delete result.metadata.serverTimeOffset;
 
     expect(result).eql({
       finalKeyData: {
@@ -202,6 +211,7 @@ describe("torus utils mainnet", function () {
     expect(result.oAuthKeyData.evmAddress).to.be.equal("0x621a4d458cFd345dAE831D9E756F10cC40A50381");
     expect(result.finalKeyData.evmAddress).to.be.equal("0x621a4d458cFd345dAE831D9E756F10cC40A50381");
     delete result.sessionData;
+    delete result.metadata.serverTimeOffset;
 
     expect(result).eql({
       finalKeyData: {

diff --git a/test/onekey.test.ts b/test/onekey.test.ts
@@ -32,6 +32,8 @@ describe("torus onekey", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const publicAddress = (await torus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails)) as TorusPublicKey;
     expect(publicAddress.finalKeyData.evmAddress).to.be.equal("0x930abEDDCa6F9807EaE77A3aCc5c78f20B168Fd1");
+    delete publicAddress.metadata.serverTimeOffset;
+
     expect(publicAddress).eql({
       oAuthKeyData: {
         evmAddress: "0xf1e76fcDD28b5AA06De01de508fF21589aB9017E",
@@ -64,6 +66,8 @@ describe("torus onekey", function () {
       { verifier_id: TORUS_TEST_EMAIL },
       token
     );
+    delete retrieveSharesResponse.metadata.serverTimeOffset;
+
     expect(retrieveSharesResponse.finalKeyData.privKey).to.be.equal("296045a5599afefda7afbdd1bf236358baff580a0fe2db62ae5c1bbe817fbae4");
     expect(retrieveSharesResponse).eql({
       finalKeyData: {
@@ -111,6 +115,8 @@ describe("torus onekey", function () {
       },
       hashedIdToken.substring(2)
     );
+    delete retrieveSharesResponse.metadata.serverTimeOffset;
+
     expect(retrieveSharesResponse.finalKeyData.evmAddress).to.be.equal("0xE1155dB406dAD89DdeE9FB9EfC29C8EedC2A0C8B");
     expect(retrieveSharesResponse).eql({
       finalKeyData: {
@@ -182,6 +188,8 @@ describe("torus onekey", function () {
       { verifier_id: "Jonathan.Nolan@hotmail.com" },
       token
     );
+    delete retrieveSharesResponse.metadata.serverTimeOffset;
+
     expect(retrieveSharesResponse.finalKeyData.privKey).to.be.equal("9ec5b0504e252e35218c7ce1e4660eac190a1505abfbec7102946f92ed750075");
     expect(retrieveSharesResponse.finalKeyData.evmAddress).to.be.equal("0x2876820fd9536BD5dd874189A85d71eE8bDf64c2");
     expect(retrieveSharesResponse).eql({

diff --git a/test/sapphire_devnet.test.ts b/test/sapphire_devnet.test.ts
@@ -52,6 +52,7 @@ describe("torus utils sapphire devnet", function () {
     const publicKeyData = await legacyTorus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(publicKeyData.metadata.typeOfUser).to.equal("v1");
     expect(publicKeyData.finalKeyData.evmAddress).to.equal("0x930abEDDCa6F9807EaE77A3aCc5c78f20B168Fd1");
+    delete publicKeyData.metadata.serverTimeOffset;
     expect(publicKeyData).eql({
       oAuthKeyData: {
         evmAddress: "0xf1e76fcDD28b5AA06De01de508fF21589aB9017E",
@@ -97,6 +98,8 @@ describe("torus utils sapphire devnet", function () {
     );
     expect(retrieveSharesResponse.finalKeyData.privKey).to.be.equal("dca7f29d234dc71561efe1a874d872bf34f6528bc042fe35e57197eac1f14eb9");
     delete retrieveSharesResponse.sessionData;
+    delete retrieveSharesResponse.metadata.serverTimeOffset;
+
     expect(retrieveSharesResponse).eql({
       oAuthKeyData: {
         evmAddress: "0xbeFfcC367D741C53A63F50eA805c1e93d3C64fEc",
@@ -143,6 +146,7 @@ describe("torus utils sapphire devnet", function () {
     });
     expect(result.finalKeyData.evmAddress).to.equal("0xE91200d82029603d73d6E307DbCbd9A7D0129d8D");
     expect(result.metadata.typeOfUser).to.equal("v2");
+    delete result.metadata.serverTimeOffset;
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0x376597141d8d219553378313d18590F373B09795",
@@ -174,6 +178,7 @@ describe("torus utils sapphire devnet", function () {
     });
     expect(data.metadata.typeOfUser).to.equal("v2");
     expect(data.finalKeyData.evmAddress).to.equal("0x1016DA7c47A04C76036637Ea02AcF1d29c64a456");
+    delete data.metadata.serverTimeOffset;
     expect(data).eql({
       oAuthKeyData: {
         evmAddress: "0xd45383fbF04BccFa0450d7d8ee453ca86b7C6544",
@@ -203,6 +208,8 @@ describe("torus utils sapphire devnet", function () {
     const nodeDetails = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
     const result = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0x137B3607958562D03Eb3C6086392D1eFa01aA6aa",
@@ -246,7 +253,10 @@ describe("torus utils sapphire devnet", function () {
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
 
     const result1 = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
+    delete result1.metadata.serverTimeOffset;
     const result2 = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
+    delete result2.metadata.serverTimeOffset;
+
     expect(result1.finalKeyData).eql(result2.finalKeyData);
     expect(result1.oAuthKeyData).eql(result2.oAuthKeyData);
     expect(result1.metadata).eql(result2.metadata);
@@ -257,6 +267,8 @@ describe("torus utils sapphire devnet", function () {
     const nodeDetails = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
     const result = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0x137B3607958562D03Eb3C6086392D1eFa01aA6aa",
@@ -302,6 +314,8 @@ describe("torus utils sapphire devnet", function () {
       { verifier_id: TORUS_TEST_EMAIL },
       token
     );
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       finalKeyData: {
         evmAddress: "0x462A8BF111A55C9354425F875F89B22678c0Bc44",
@@ -344,6 +358,8 @@ describe("torus utils sapphire devnet", function () {
       { verifier_id: TORUS_TEST_EMAIL },
       token
     );
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       finalKeyData: {
         evmAddress: "0x462A8BF111A55C9354425F875F89B22678c0Bc44",
@@ -397,7 +413,8 @@ describe("torus utils sapphire devnet", function () {
     const parsedSigsData = signatures.map((s) => JSON.parse(atob(s.data)));
     parsedSigsData.forEach((ps) => {
       const sessionTime = ps.exp - Math.floor(Date.now() / 1000);
-      expect(sessionTime).eql(customSessionTime);
+      expect(sessionTime).greaterThan(customSessionTime - 5); // giving a latency leeway of 5 seconds
+      expect(sessionTime).lessThanOrEqual(customSessionTime);
     });
   });
 
@@ -432,6 +449,8 @@ describe("torus utils sapphire devnet", function () {
     const nodeDetails = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
     const result = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0xBd6Bc8aDC5f2A0526078Fd2016C4335f64eD3a30",
@@ -496,6 +515,8 @@ describe("torus utils sapphire devnet", function () {
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
     const result = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0xF79b5ffA48463eba839ee9C97D61c6063a96DA03");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0x4135ad20D2E9ACF37D64E7A6bD8AC34170d51219",
@@ -539,6 +560,8 @@ describe("torus utils sapphire devnet", function () {
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
     const result = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0xF79b5ffA48463eba839ee9C97D61c6063a96DA03");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0x4135ad20D2E9ACF37D64E7A6bD8AC34170d51219",
@@ -575,6 +598,8 @@ describe("torus utils sapphire devnet", function () {
       { verifier_id: TORUS_HASH_ENABLED_TEST_EMAIL },
       token
     );
+    delete result.metadata.serverTimeOffset;
+
     expect(result.finalKeyData.privKey).to.be.equal("066270dfa345d3d0415c8223e045f366b238b50870de7e9658e3c6608a7e2d32");
     expect(result).eql({
       finalKeyData: {
@@ -625,6 +650,8 @@ describe("torus utils sapphire devnet", function () {
       },
       hashedIdToken.substring(2)
     );
+    delete result.metadata.serverTimeOffset;
+
     expect(result.finalKeyData.evmAddress).to.not.equal(null);
     expect(result.finalKeyData.evmAddress).to.not.equal("");
     expect(result.oAuthKeyData.evmAddress).to.not.equal(null);

diff --git a/test/sapphire_mainnet.test.ts b/test/sapphire_mainnet.test.ts
@@ -14,9 +14,8 @@ const TORUS_TEST_VERIFIER = "torus-test-health";
 const TORUS_TEST_AGGREGATE_VERIFIER = "torus-aggregate-sapphire-mainnet";
 const HashEnabledVerifier = "torus-test-verifierid-hash";
 const TORUS_EXTENDED_VERIFIER_EMAIL = "testextenderverifierid@example.com";
-const TORUS_IMPORT_EMAIL = "importeduser5@tor.us";
 
-describe.only("torus utils sapphire mainnet", function () {
+describe("torus utils sapphire mainnet", function () {
   let torus: TorusUtils;
   let TORUS_NODE_MANAGER: NodeManager;
 
@@ -34,6 +33,8 @@ describe.only("torus utils sapphire mainnet", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0x327b2742768B436d09153429E762FADB54413Ded");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0xb1a49C6E50a1fC961259a8c388EAf5953FA5152b",
@@ -76,28 +77,6 @@ describe.only("torus utils sapphire mainnet", function () {
     );
     expect(result.finalKeyData.privKey).to.be.equal(privHex);
   });
-  it.skip("should be able to import a key for a existing user", async function () {
-    let verifierDetails = { verifier: TORUS_TEST_VERIFIER, verifierId: TORUS_IMPORT_EMAIL };
-    const nodeDetails = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
-    const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
-    const token = generateIdToken(TORUS_IMPORT_EMAIL, "ES256");
-    const privKeyBuffer = generatePrivate();
-    const privHex = privKeyBuffer.toString("hex");
-    const result1 = await torus.importPrivateKey(
-      torusNodeEndpoints,
-      nodeDetails.torusIndexes,
-      nodeDetails.torusNodePub,
-      TORUS_TEST_VERIFIER,
-      { verifier_id: TORUS_IMPORT_EMAIL },
-      token,
-      privHex
-    );
-    expect(result1.finalKeyData.privKey).to.be.equal(privHex);
-    verifierDetails = { verifier: TORUS_TEST_VERIFIER, verifierId: TORUS_IMPORT_EMAIL };
-    const result2 = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
-    expect(result1.finalKeyData.evmAddress).to.be.equal(result2.finalKeyData.evmAddress);
-  });
-
   it("should be able to key assign", async function () {
     const verifier = "tkey-google-sapphire-mainnet"; // any verifier
     const email = faker.internet.email();
@@ -138,6 +117,8 @@ describe.only("torus utils sapphire mainnet", function () {
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
     const result = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.be.equal("0x98EC5b049c5C0Dc818C69e95CF43534AEB80261A");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0x98EC5b049c5C0Dc818C69e95CF43534AEB80261A",
@@ -187,6 +168,8 @@ describe.only("torus utils sapphire mainnet", function () {
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
     const result = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0xCb76F4C8cbAe524997787B57efeeD99f6D3BD5AB");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0xeBe48BE7693a36Ff562D18c4494AC4496A45EaaC",
@@ -217,6 +200,8 @@ describe.only("torus utils sapphire mainnet", function () {
     const torusNodeEndpoints = nodeDetails.torusNodeSSSEndpoints;
     const result = await torus.getPublicAddress(torusNodeEndpoints, nodeDetails.torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0xCb76F4C8cbAe524997787B57efeeD99f6D3BD5AB");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0xeBe48BE7693a36Ff562D18c4494AC4496A45EaaC",
@@ -254,6 +239,8 @@ describe.only("torus utils sapphire mainnet", function () {
       token
     );
     expect(result.finalKeyData.privKey).to.be.equal("13941ecd812b08d8a33a20bc975f0cd1c3f82de25b20c0c863ba5f21580b65f6");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       finalKeyData: {
         evmAddress: "0xCb76F4C8cbAe524997787B57efeeD99f6D3BD5AB",
@@ -290,6 +277,8 @@ describe.only("torus utils sapphire mainnet", function () {
     const { torusNodeEndpoints, torusIndexes } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.retrieveShares(torusNodeEndpoints, torusIndexes, TORUS_TEST_VERIFIER, { verifier_id: TORUS_TEST_EMAIL }, token);
     expect(result.finalKeyData.privKey).to.be.equal("dfb39b84e0c64b8c44605151bf8670ae6eda232056265434729b6a8a50fa3419");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       finalKeyData: {
         evmAddress: "0x70520A7F04868ACad901683699Fa32765C9F6871",
@@ -368,7 +357,8 @@ describe.only("torus utils sapphire mainnet", function () {
     const parsedSigsData = signatures.map((s) => JSON.parse(atob(s.data)));
     parsedSigsData.forEach((ps) => {
       const sessionTime = ps.exp - Math.floor(Date.now() / 1000);
-      expect(sessionTime).eql(customSessionTime);
+      expect(sessionTime).greaterThan(customSessionTime - 5); // giving a latency leeway of 5 seconds
+      expect(sessionTime).lessThanOrEqual(customSessionTime);
     });
   });
 });
diff --git a/test/testnet.test.ts b/test/testnet.test.ts
@@ -1,8 +1,10 @@
 import { TORUS_LEGACY_NETWORK } from "@toruslabs/constants";
 import NodeManager from "@toruslabs/fetch-node-details";
+import { fail } from "assert";
 import BN from "bn.js";
 import { expect } from "chai";
 import faker from "faker";
+import { useFakeTimers } from "sinon";
 
 import { keccak256, TorusPublicKey } from "../src";
 import TorusUtils from "../src/torus";
@@ -28,6 +30,8 @@ describe("torus utils migrated testnet on sapphire", function () {
     const { torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result.finalKeyData.evmAddress).to.equal("0x9bcBAde70546c0796c00323CD1b97fa0a425A506");
+    delete result.metadata.serverTimeOffset;
+
     expect(result).eql({
       oAuthKeyData: {
         evmAddress: "0x9bcBAde70546c0796c00323CD1b97fa0a425A506",
@@ -56,6 +60,8 @@ describe("torus utils migrated testnet on sapphire", function () {
     const result1 = await torus.getUserTypeAndAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
     expect(result1.finalKeyData.evmAddress).to.equal("0xf5804f608C233b9cdA5952E46EB86C9037fd6842");
     expect(result1.metadata.typeOfUser).to.equal("v2");
+    delete result1.metadata.serverTimeOffset;
+
     expect(result1).eql({
       oAuthKeyData: {
         evmAddress: "0x9bcBAde70546c0796c00323CD1b97fa0a425A506",
@@ -88,6 +94,8 @@ describe("torus utils migrated testnet on sapphire", function () {
     })) as TorusPublicKey;
     expect(result2.finalKeyData.evmAddress).to.equal("0xE91200d82029603d73d6E307DbCbd9A7D0129d8D");
     expect(result2.metadata.typeOfUser).to.equal("v2");
+    delete result2.metadata.serverTimeOffset;
+
     expect(result2).eql({
       oAuthKeyData: {
         evmAddress: "0x376597141d8d219553378313d18590F373B09795",
@@ -119,6 +127,8 @@ describe("torus utils migrated testnet on sapphire", function () {
     })) as TorusPublicKey;
     expect(result3.finalKeyData.evmAddress).to.equal("0x1016DA7c47A04C76036637Ea02AcF1d29c64a456");
     expect(result3.metadata.typeOfUser).to.equal("v2");
+    delete result3.metadata.serverTimeOffset;
+
     expect(result3).eql({
       oAuthKeyData: {
         evmAddress: "0xd45383fbF04BccFa0450d7d8ee453ca86b7C6544",
@@ -162,6 +172,8 @@ describe("torus utils migrated testnet on sapphire", function () {
     const verifierDetails = { verifier: TORUS_TEST_VERIFIER, verifierId: TORUS_TEST_EMAIL };
     const { torusNodeEndpoints, torusIndexes } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
     const result = await torus.retrieveShares(torusNodeEndpoints, torusIndexes, TORUS_TEST_VERIFIER, { verifier_id: TORUS_TEST_EMAIL }, token);
+    delete result.metadata.serverTimeOffset;
+
     expect(result.finalKeyData.privKey).to.be.equal("9b0fb017db14a0a25ed51f78a258713c8ae88b5e58a43acb70b22f9e2ee138e3");
     expect(result).eql({
       finalKeyData: {
@@ -201,6 +213,8 @@ describe("torus utils migrated testnet on sapphire", function () {
       },
       hashedIdToken.substring(2)
     );
+    delete result.metadata.serverTimeOffset;
+
     expect(result.metadata.typeOfUser).to.be.equal("v1");
     expect(result.oAuthKeyData.evmAddress).to.be.equal("0x938a40E155d118BD31E439A9d92D67bd55317965");
     expect(result.finalKeyData.evmAddress).to.be.equal("0x938a40E155d118BD31E439A9d92D67bd55317965");
@@ -225,4 +239,45 @@ describe("torus utils migrated testnet on sapphire", function () {
       nodesData: result.nodesData,
     });
   });
+  it("should fail at get or set nonce when server time offset is expired", async function () {
+    const email = "himanshu@tor.us";
+    const verifier = "google-lrc";
+    const token = generateIdToken(email, "ES256");
+
+    const verifierDetails = { verifier, verifierId: email };
+    const legacyTorus = new TorusUtils({
+      network: TORUS_LEGACY_NETWORK.TESTNET,
+      clientId: "YOUR_CLIENT_ID",
+      enableOneKey: true,
+      serverTimeOffset: -100,
+    });
+    const { torusNodeSSSEndpoints: torusNodeEndpoints, torusIndexes } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
+    try {
+      await legacyTorus.retrieveShares(torusNodeEndpoints, torusIndexes, TORUS_TEST_VERIFIER, { verifier_id: email }, token);
+      fail("should not reach here");
+    } catch (err) {
+      expect((err as { status: number }).status).to.equal(403);
+    }
+  });
+
+  it("should pass at get pub nonce when system time is incorrect", async function () {
+    const clock = useFakeTimers();
+    const fakeTime = new Date("2023-05-05T12:00:00").getTime();
+
+    // Mock the system clock time to be a specific time
+    clock.tick(fakeTime);
+
+    // Now, getCurrentTime should return the mocked time
+    const currentTime = new Date().getTime();
+
+    // Assert that the current time matches the mocked time
+    expect(currentTime).to.equal(fakeTime);
+    const email = "himanshu@tor.us";
+    const verifier = "google-lrc";
+    const verifierDetails = { verifier, verifierId: email };
+    const { torusNodeSSSEndpoints: torusNodeEndpoints, torusNodePub } = await TORUS_NODE_MANAGER.getNodeDetails(verifierDetails);
+    const response = await torus.getPublicAddress(torusNodeEndpoints, torusNodePub, verifierDetails);
+    expect(response.metadata.typeOfUser).to.equal("v1");
+    clock.restore();
+  });
 });