Lifetime validation failed. The token is expired

Hi,

We’ve had Auth0 setup and working successfully for a while. However, I’ve noticed we’re getting occasional auth exceptions thrown (5-6 per day). It’s a .net Core WebApi 3.1 service, hosted on Azure.

“Lifetime validation failed. The token is expired”

"Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime"

After some reading around, this seems related to our auth scheme:

"options.TokenValidationParameters = new TokenValidationParameters"
"ValidateLifetime = true"

It totally makes sense that we should want to validate the lifetime of a token, and kick it out if it’s not appropriate, so I don’t want to turn this setting off.

Most of the topics I could find out this point to a time sync error between the auth server and the api. I’ve checked our API time in the console and it looks correct (set to UTC). I can’t imagine Auth0’s auth clock is out more than the 5 minutes that the default Clock Skew is set to.

However, I’m also not seeing the same issue in our other APIs, which have almost identical code/settings.

Any ideas? Thanks!