Access token validation gives no indication when a token has failed

IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3

Apache License 2.0

90 stars 150 forks source link

Access token validation gives no indication when a token has failed #150

Closed ri-ch closed 7 years ago

ri-ch commented 7 years ago

When using the access token middleware, if i pass an invalid token (expired, for example, the token has expired), the token validation fails, but the middleware will still call the next component in the pipeline. Is this expected behaviour? Is there a way to prevent this?

leastprivilege commented 7 years ago

Thats the expected behavior. The request is anonymous then.