IdentityServer4 icon indicating copy to clipboard operation
IdentityServer4 copied to clipboard
verified publisher icon IdentityServer

Security token expired

Open SamAchten opened this issue 4 years ago • 2 comments

Hey,

We have an issue when requesting new tokens. Every so often the IdentityServer hands out new tokens that are already expired. We have checked the clocks on the microservices, they are perfectly in sync. We are not the only team facing this issue, since the problem is identical to these two tickets. Is there any solution/root cause known so we can fix it?

https://github.com/IdentityServer/IdentityServer4/issues/4770 https://github.com/IdentityServer/IdentityServer4/issues/1689

SamAchten avatar Jun 02 '21 09:06 SamAchten

Is there any solution/root cause known so we can fix it?

I personally never had this problem. Please do your own investigation and let us know what you found out.

leastprivilege avatar Jun 02 '21 10:06 leastprivilege

Thank you for your response. We have done extended research but do not see anything wrong with our code. We have an AKS cluster with the IdentityServer running in a pod as well. From time to time our microservices request a new token from the IdentityServer. The token is exchanged without a problem, but the received token is expired. The expiration date is in the past. We have asked Microsoft for support too. They checked the whole setup and verified that all the clocks are running in sync. Since we have found some tickets here on GitHub with the same issue, we thought it could be some bug in IdentityServer.

SamAchten avatar Jun 02 '21 11:06 SamAchten