IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3
Apache License 2.0

Token validation incorrectly returns unauthorized #54

Closed rvanoord closed 8 years ago

rvanoord commented 8 years ago

Hi,

I am using the UseIdentityServerBearerTokenAuthentication() OWIN middleware to protect APIs in a couple of applications.

In both cases, this seems to work fine for a while, but after a day or two the API returns "Unauthorized" for requests with valid access tokens. Restarting the API application in IIS temporarily resolves the issue. After a restart, valid tokens that were rejected by the API are accepted again. This indicates that there is likely an issue in the implementation of the IdentityServerBearerTokenAuthentication, or in the underlying JwtTokenAuthentication middleware.

The issue is somewhat difficult to debug because the middleware works to start with and seems to stop working at random. Perhaps the issue is linked to some sort of caching mechanism or something?

leastprivilege commented 8 years ago

Turn on logging for the middleware. Maybe this gives you more info.

On 06.11.2015, at 10:15, rvanoord notifications@github.com wrote:

tomasAl commented 8 years ago

I have found the issue. If you are using the Thinktecture.IdentityServer3 NuGet package to create the identity server, you can't use IdentityServer3.AccessTokenValidation. It's because Thinktecture IdentityServer3 does not allow verifying the token using POST, and IdentityServer3.AccessTokenValidation uses POST to verify the token (https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation/tree/master/source/AccessTokenValidation/Plumbing line 88). So each time the middleware tries to verify a token it gets a Method not supported exception and returns Unauthorized.
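The failure mode described in the comment above (the middleware POSTs to the token validation endpoint, the server only implements GET, every validation call fails and the API answers Unauthorized) can be checked directly against a server before blaming the middleware. The following is an added example, not code from this thread, from IdentityServer3 or from IdentityServer3.AccessTokenValidation: it stands up an in-process fake endpoint that behaves the way the comment describes (GET with `?token=` works, POST answers 405), then probes it with both methods and reports what it finds. The endpoint path `/connect/accesstokenvalidation`, the form parameter name `token`, the status codes and the sample token are assumptions of the example; to probe a real server, replace the fake with its base URL and a freshly issued token.

```python
"""Probe a token validation endpoint to see whether it accepts POST (what the
middleware sends) or only GET, using an in-process fake server for offline use."""
import json
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed path of the validation endpoint (not taken from the project's code).
VALIDATION_PATH = "/connect/accesstokenvalidation"
# Constructed token value; the fake server treats exactly this string as valid.
SAMPLE_TOKEN = "constructed-sample-token"


class GetOnlyValidationHandler(BaseHTTPRequestHandler):
    """Fake endpoint: validates via GET ?token=..., answers 405 to any POST."""

    def do_GET(self):
        url = urllib.parse.urlparse(self.path)
        params = urllib.parse.parse_qs(url.query)
        if url.path != VALIDATION_PATH or params.get("token") != [SAMPLE_TOKEN]:
            self._send(401, {"error": "invalid_token"})
            return
        self._send(200, {"sub": "123", "scope": "api1"})  # constructed claims

    def do_POST(self):
        # Mimics a server that never implemented POST for this endpoint.
        self._send(405, {"error": "method_not_supported"})

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the probe output quiet
        pass


def start_fake_server():
    """Bind the fake endpoint to a free loopback port and serve in a thread."""
    server = HTTPServer(("127.0.0.1", 0), GetOnlyValidationHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def _request(method, url, data=None):
    """Return the HTTP status code, treating 4xx/5xx as results, not errors."""
    req = urllib.request.Request(url, data=data, method=method)
    if data is not None:
        req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def probe_validation_endpoint(base_url, token):
    """Send the token once as a POST form body and once as a GET query string."""
    url = base_url + VALIDATION_PATH
    form = urllib.parse.urlencode({"token": token}).encode()
    query = urllib.parse.urlencode({"token": token})
    return {
        "POST": _request("POST", url, form),
        "GET": _request("GET", url + "?" + query),
    }


def diagnose(statuses):
    """Turn the two status codes into the conclusion a practitioner needs."""
    if statuses["POST"] == 405 and statuses["GET"] == 200:
        return "endpoint is GET-only: a middleware that POSTs gets 405 and rejects every token"
    if statuses["POST"] == 200:
        return "endpoint accepts POST: the validation transport is not the problem"
    return "endpoint rejected both methods: check the URL, the token and the server logs"


if __name__ == "__main__":
    srv = start_fake_server()
    base = "http://127.0.0.1:%d" % srv.server_address[1]
    result = probe_validation_endpoint(base, SAMPLE_TOKEN)
    print(result, "->", diagnose(result))
    srv.shutdown()
```

Against the fake server the probe reports `{'POST': 405, 'GET': 200}`, which is the signature of the mismatch described above; a 401 on both methods instead points at the token or the URL rather than the HTTP method.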

cordasfilip commented 7 years ago

I am using IdentityServer4 with IdentityServer3.AccessTokenValidation and I am getting the same issue. Is there a fix for this?