Auth0 access token expiration validation delay in API

Hi ,

We have an API which is called from our APP and access token is passed for authentication… We have added authentication option in API as follows.

services.AddAuthentication(options =>
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

        }).AddJwtBearer(options =>
            options.Authority = domain;
            options.Audience = audience;
            options.Events = new JwtBearerEvents
              OnTokenValidated = context =>
                // Grab the raw value of the token, and store it as a claim so we can retrieve it again later in the request pipeline
                // Have a look at the ValuesController.UserInformation() method to see how to retrieve it and use it to retrieve the
                // user's information from the /userinfo endpoint
                if (context.SecurityToken is JwtSecurityToken token)
                  if (context.Principal.Identity is ClaimsIdentity identity)
                    identity.AddClaim(new Claim("access_token", token.RawData));

                return Task.CompletedTask;


And added [Authorize] attribute to controller.
Now when we try to call API , lets say access token is expiring at 12.55 pm , API will keep on getting data back. and after a buffer time between 5-10 minutes , it will fail the token and send 401 UnAuthorized response.

But in one of the methods, we are directly calling Authentication API to get user info by passing same access token .

it fails as per token expiration time and start giving us 401 unAuthorized response.
Why is there delay on token validation on our API side. we are using recomended settings.

P.S. i also noticed similar behaviour in one of my other desktop and MVC projects.
Please advise.


1 Like


Unfortunately, this is not something that depends on our side. This is a third-party issue.

This might be caused by different factors such as cache, how the API verifies the token, and other possibilities.

We can recommend you to check your API settings, but again, this is something that is out of our hands.

I hope you get to a resolution soon.

Thank you!