Lifetime validation failed. The token is expired. - Identity Server 4

Question

I have the following client defined in my IdentityServer4 project:

new Client
        {
            ClientId = "client_id_mobile",
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            ClientSecrets = { new Secret("client_secret_mobile".Sha256()) },
             AccessTokenType = AccessTokenType.Jwt,
            RefreshTokenUsage = TokenUsage.OneTimeOnly,
            RefreshTokenExpiration = TokenExpiration.Sliding,
            AbsoluteRefreshTokenLifetime = 0,
            IncludeJwtId = true,
            AllowOfflineAccess = true,
            AlwaysSendClientClaims = true,
            UpdateAccessTokenClaimsOnRefresh = true,
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.Email,
                IdentityServerConstants.StandardScopes.Phone,
                IdentityServerConstants.StandardScopes.OfflineAccess,                    
                "api1",                   
                IdentityServerConstants.LocalApi.ScopeName
            },
            RedirectUris = new []
            {
                "https://www.getpostman.com/oauth2/callback"
            }
        }

I have added an additional API to the solution by following this reference

[Authorize(LocalApi.PolicyName)]
[Route("localApi")]
public class LocalTestAPI : ControllerBase
{
    [HttpGet]
    public IActionResult Index()
    {
        return null;
    }
}

Here is how I have defined my ApiScopes and ApiResources

 public static IEnumerable ApiScopes => new List
    {           
        new ApiScope(IdentityServerConstants.LocalApi.ScopeName, "Identity Server Api"),           
    };

    public static IEnumerable ApiResources => new List
    {
         new ApiResource(IdentityServerConstants.LocalApi.ScopeName)
    };

I authenticate with a username and password via postman using the client details above which returns 200 along with access token:

After authenticating successfully I then try to call the additional API as outlined above by passing in the access token as bearer

however, I get the following error:

IdentityServer4.Validation.TokenValidator JWT token validation error: IDX10223: Lifetime validation failed. The token is expired. ValidTo: 'System.DateTime', Current time: 'System.DateTime'. Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException: IDX10223: Lifetime validation failed. The token is expired. ValidTo: 'System.DateTime', Current time: 'System.DateTime'.

Access_Token:

eyJhbGciOiJSUzI1NiIsImtpZCI6IkE0QTZFN0ZEQTVFRkNDMTM4MzZEN0UxMjE0MTY5RkVDIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2NDI5MDU0MDUsImV4cCI6MTY0MjkwOTAwNSwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMSIsImNsaWVudF9pZCI6ImNsaWVudF9pZF9tb2JpbGUiLCJzdWIiOiIwYTVkNDRmYy05NmU2LTQ3ZTgtNzI3Yy0wOGQ5ZDNjMGZjZmQiLCJhdXRoX3RpbWUiOjE2NDI5MDU0MDUsImlkcCI6ImxvY2FsIiwiSWQiOiIwYTVkNDRmYy05NmU2LTQ3ZTgtNzI3Yy0wOGQ5ZDNjMGZjZmQiLCJnaXZlbl9uYW1lIjoiVXNlciIsImZhbWlseV9uYW1lIjoiVGVzdCIsImVtYWlsIjoidXNlckBob21lLmNvbS5hdSIsImZ1bGxfbmFtZSI6IlVzZXIgVGVzdCIsIlJvbGUiOiJBZG1pbiIsImp0aSI6IkNEQTUyN0I0RUZCQzYyNTg3OTlGMzVEOUExODYyMkEzIiwiaWF0IjoxNjQyOTA1NDA1LCJzY29wZSI6WyJJZGVudGl0eVNlcnZlckFwaSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJjdXN0b20iXX0.VgvBLiVmdR-8NJhc_vU6OLEOQOJo3_G8Qz6jWq78-b8inxi9DsPhnO38Y76XDqNbDeeLO2k_Qwt7sBQlKUBskxNvfILr-S6mkfFRQ3_3hPASIfKBlsvdhyRPHNif6ZGEXcE93XbgW7hYjG2IdT5vjg_kKdD2qpFXDwiLGSn7nhuq3cVfVsoQ-LMjtbqDFYYKp4hSqfcs5aMNZMWj1m2zll7OoiV8bOpZ1MxA1yUNzvqPvUI-05GVtp01xECjeSwRqcEhUyzzmns7SFSOKasM7WlXBB5qd5w189le2NEf6ErjGVCxAuPL3VYCbzY7_uPlOQ70hWa6EYKqqOXAf4d3Ew

I can't seem to resolve this, can anyone recommend a solution?

Lifetime validation failed. The token is expired. - Identity Server 4

Answers (1)

Related Questions