Hey everyone 
, just following up here in case it helps others who are seeing this.
From our investigation, the “NotBeforeError: jwt not active” cases are very likely due to system clock not matching ours on either the app host or the merchant’s device (if the app is running locally), where the token’s “not before” time is slightly in the future. I’d just make sure your app’s hosting environment’s clock is synced accurately and this should resolve that issue.
For the undefined tokens, these are not expected, but since we don’t see widespread reports of this on our end, our thinking is that they may be implementation-specific. We’re still keen to investigate, but I do realize that catching one of these when it happens is difficult. If you are at all able to capture a HAR (with sensitive info redacted), please share it here (or ping me if you want to set up a DM) and we can take a look.
I know that’s not the most satisfying answer without a concrete repro, but I wanted to close the loop here, let me know if I can clarify anything on my end as always!