Fix jwt not active error by adding a small clock tolerence

[tolgap]

WHY are these changes introduced?

Fixes #207

auth0/node-jsonwebtoken supports a clockTolerance option for small differences between machines on the internet. There are multiple users complaining about running into jwt not active errors.

WHAT is this pull request doing?

Uses the clockTolerance option from auth0/node-jsonwebtoken. Sets it at a respectable 5 seconds. All my issues where small differences from 4 seconds to 2 seconds.

Type of change

• Patch: Bug (non-breaking change which fixes an issue)
• Minor: New feature (non-breaking change which adds functionality)
• Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

• I have added a changelog entry, prefixed by the type of change noted above
• I have added/updated tests for this change
• I have documented new APIs/updated the documentation for modified APIs (for public APIs)

[devopsangel]

Any updates on this? This seems a blocker to move to latest shopify pkgs.

"@shopify/app-bridge-react": "^2.0.3",
        "@shopify/app-bridge-utils": "^2.0.3",
        "@shopify/koa-shopify-auth": "^4.1.4",
        "@shopify/koa-shopify-graphql-proxy": "^5.0.2",
        "@shopify/koa-shopify-webhooks": "^3.0.2",
        "@shopify/react-shopify-app-route-propagator": "^3.0.8",
        "@shopify/polaris": "^6.6.0",
        "@shopify/polaris-icons": "^4.6.2",
        "@shopify/shopify-api": "^1.4.1",

[mllemango]

Thanks for fixing this! We’re packaging this into our v2 branch for release soon 😄