Auth0 Home Blog Docs

Successfully logged in to ASP Net Core despite expired id token



I have a simple ASP Net Core web site and noticed that I am able to log into it despite the id token being expired.
Kestrel logs a successfull user authentication.

Did I miss something conceptually?

At the same time, if the same web site queries the access token via HttpContext.GetTokenAsync(“access_token”) then the ASP Net Core API which I am also running recognizes that the token is expired.