We’ve had Auth0 setup and working successfully for a while. However, I’ve noticed we’re getting occasional auth exceptions thrown (5-6 per day). It’s a .net Core WebApi 3.1 service, hosted on Azure.
“Lifetime validation failed. The token is expired”
After some reading around, this seems related to our auth scheme:
"options.TokenValidationParameters = new TokenValidationParameters" "ValidateLifetime = true"
It totally makes sense that we should want to validate the lifetime of a token, and kick it out if it’s not appropriate, so I don’t want to turn this setting off.
Most of the topics I could find out this point to a time sync error between the auth server and the api. I’ve checked our API time in the console and it looks correct (set to UTC). I can’t imagine Auth0’s auth clock is out more than the 5 minutes that the default Clock Skew is set to.
However, I’m also not seeing the same issue in our other APIs, which have almost identical code/settings.
Any ideas? Thanks!