Open Marusyk opened 7 months ago
@westin-m The fix might need to happen in IdentityModel, if so, you can transfer the issue over there.
Could be related to this: AzureAD/microsoft-identity-web#2675
Looking for this answer as well. Need to change logging level specifically for IDX10223.
@jennyf19 Any plans or news on this issue? We need this too.
Treating IDX10223 as an error in logs (Server-side) seems wrong. An expired token is not an error on the Server side, it's a Client-side problem. It just fills up the logs.
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2614#issuecomment-2135739124 is not really the solution to this issue, because it's about deactivating Identity logs completely, like shown here. However, we do not want to disable all Identity logging.
IDX10223 should be treated as a Warning. Alternatively, it would be nice to have a way to "opt-out" from it.
I agree that there is nothing the web API can do when it receives expired tokens. @jennyf19 @brentschmaltz any objections to changing the severity to warning or info?
Microsoft.Identity.Web Library: Microsoft.Identity.Web
Microsoft.Identity.Web version: 2.16.1
Web app: Sign-in users and call web APIs
Web API: Protected web APIs (validating tokens)
Token cache serialization: Not Applicable
Description
Every day I get a lot of error logs like:
IDX10223: Lifetime validation failed. The token is expired...
IDX10205: Issuer validation failed...
The 1st one is not an error and we want to ignore it: this means that some of our clients make a request with an expired token, then the 401 will be returned and the client goes to the refresh endpoint for the new token. So it's not an error on the server side, we can't fix it from the server side. Why is it treated as an error?
How to disable/ignore/change-severity them?
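
Added example (not part of the thread, and not code from Microsoft.Identity.Web or IdentityModel): one way to re-level only IDX10223 entries while leaving IDX10205 and all other Identity logging untouched is a wrapping `ILoggerProvider`. It assumes .NET 8 with Microsoft.Extensions.Logging and that the code `IDX10223` appears in the formatted message or in the exception message; the class names are hypothetical.

```csharp
using System;
using Microsoft.Extensions.Logging;

// Wraps an existing provider and re-levels entries that carry IDX10223.
public sealed class Idx10223DemotingProvider : ILoggerProvider
{
    private readonly ILoggerProvider _inner;
    private readonly LogLevel _target;

    public Idx10223DemotingProvider(ILoggerProvider inner, LogLevel target = LogLevel.Warning)
    {
        _inner = inner;
        _target = target;
    }

    public ILogger CreateLogger(string categoryName) =>
        new DemotingLogger(_inner.CreateLogger(categoryName), _target);

    public void Dispose() => _inner.Dispose();

    private sealed class DemotingLogger : ILogger
    {
        private const string Code = "IDX10223"; // "Lifetime validation failed", as quoted in the issue
        private readonly ILogger _inner;
        private readonly LogLevel _target;

        public DemotingLogger(ILogger inner, LogLevel target) { _inner = inner; _target = target; }

        public IDisposable? BeginScope<TState>(TState state) where TState : notnull =>
            _inner.BeginScope(state);

        public bool IsEnabled(LogLevel level) => _inner.IsEnabled(level);

        public void Log<TState>(LogLevel level, EventId eventId, TState state,
            Exception? exception, Func<TState, Exception?, string> formatter)
        {
            // Assumption: the code is in the formatted message or in the exception message.
            bool expired = level > _target &&
                (formatter(state, exception).Contains(Code, StringComparison.Ordinal) ||
                 (exception?.Message.Contains(Code, StringComparison.Ordinal) ?? false));

            // Demote, never drop: expired-token volume stays visible for monitoring,
            // and IDX10205 (issuer validation) and everything else keep their level.
            _inner.Log(expired ? _target : level, eventId, state, exception, formatter);
        }
    }
}
```

Register it through `ILoggingBuilder.AddProvider` in place of the provider it wraps; registering both writes every entry twice.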