Hi,
We have an API which is called from our app, and an access token is passed for authentication. We have added the authentication option in the API as follows.
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        options.Authority = domain;
        options.Audience = audience;
        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = context =>
            {
                // Grab the raw value of the token, and store it as a claim so we can retrieve it again later in the request pipeline
                // Have a look at the ValuesController.UserInformation() method to see how to retrieve it and use it to retrieve the
                // user's information from the /userinfo endpoint
                if (context.SecurityToken is JwtSecurityToken token)
                {
                    if (context.Principal.Identity is ClaimsIdentity identity)
                    {
                        identity.AddClaim(new Claim("access_token", token.RawData));
                    }
                }
                return Task.CompletedTask;
            }
        };
    });
And we added the [Authorize] attribute to the controller.
Now when we try to call the API, let's say the access token is expiring at 12.55 pm, the API will keep on getting data back, and after a buffer time of between 5-10 minutes, it will fail the token and send a 401 Unauthorized response.
But in one of the methods, we are directly calling the Authentication API to get user info by passing the same access token.
It fails as per the token expiration time and starts giving us a 401 Unauthorized response.
Why is there a delay on token validation on our API side? We are using the recommended settings.
P.S. I also noticed similar behaviour in one of my other desktop and MVC projects.
Please advise.
Thanks
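
The grace period described in the post matches the default `ClockSkew` tolerance of `TokenValidationParameters`, which is five minutes. The console program below is an added example, not part of the original post: it validates a token that expired two minutes ago with the default skew and with zero skew. The issuer, audience and key are constructed demo values.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Requires the System.IdentityModel.Tokens.Jwt NuGet package.
static class ClockSkewDemo
{
    // Constructed demo values; a real API trusts the authority's published signing keys.
    const string Issuer = "https://issuer.example/";
    const string Audience = "demo-api";
    static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-at-least-32-bytes!!"));

    static string IssueToken(DateTime expiresUtc) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: Issuer, audience: Audience,
            notBefore: expiresUtc.AddHours(-1), expires: expiresUtc,
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256)));

    static bool IsAccepted(string jwt, TimeSpan clockSkew)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = Key,
            ValidateLifetime = true,
            ClockSkew = clockSkew   // tolerance added to the exp/nbf comparison
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
            return true;
        }
        catch (SecurityTokenExpiredException)
        {
            return false;           // exp + clockSkew is already in the past
        }
    }

    static void Main()
    {
        // Token whose exp claim passed two minutes ago.
        string jwt = IssueToken(DateTime.UtcNow.AddMinutes(-2));
        Console.WriteLine($"default skew ({TokenValidationParameters.DefaultClockSkew}): accepted = {IsAccepted(jwt, TokenValidationParameters.DefaultClockSkew)}");
        Console.WriteLine($"zero skew: accepted = {IsAccepted(jwt, TimeSpan.Zero)}");
        // In AddJwtBearer the same knob is options.TokenValidationParameters.ClockSkew.
    }
}
```

A small non-zero skew is the usual choice when the API host and the token issuer may have clocks that drift; `TimeSpan.Zero` makes the API reject the token at its exact `exp` time.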