Successfully logged in to ASP Net Core despite expired id token

I have a simple ASP Net Core web site and noticed that I am able to log into it despite the id token being expired.
Kestrel logs a successfull user authentication.

Did I miss something conceptually?

At the same time, if the same web site queries the access token via HttpContext.GetTokenAsync(“access_token”) then the ASP Net Core API which I am also running recognizes that the token is expired.


Firstly, I’d like to apologize for such a delay in response. We’re doing our best in providing as much value to community as possible but sometimes we are simply people resources constraint, thanks for understanding!

We are more than happy to assist in any way! If the issue is still out there please let us know so we can actually dig further!

Thank you!

This topic was automatically closed after 4 days. New replies are no longer allowed.