This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

Token endpoint throws IDX10401 Exception with valid refresh token #3498

Closed
m3kan1cal opened this issue Feb 1, 2017 · 3 comments

m3kan1cal commented Feb 1, 2017

Hey guys,

In an IdentityServer3 project with AspNet.Identity and EF, I have recently started getting an IDX10401 Exception in the response when sending a valid refresh token to the Token endpoint. I'm digging in, but it appears the expires parameter that gets passed in to the System.IdentityModel.Tokens.JwtPayload constructor is always set to the same value as the notBefore parameter value. This fails validation and the exception is thrown. If that same refresh token is used again, it fails properly.

Any ideas on where to start with this? Has anyone else run into this behavior?

Log excerpt

2017-02-01 14:58:40.302 -07:00 [Information] {
  "Category": "InternalError",
  "Name": "Unhandled exception",
  "EventType": "Error",
  "Id": 5000,
  "Message": "System.ArgumentException: IDX10401: Expires: '02/01/2017 21:58:40' must be after NotBefore: '02/01/2017 21:58:40'.\r\n   at System.IdentityModel.Tokens.JwtPayload..ctor(String issuer, String audience, IEnumerable`1 claims, Nullable`1 notBefore, Nullable`1 expires) in c:\\workspace\\WilsonForDotNet45Release\\src\\System.IdentityModel.Tokens.Jwt\\JwtPayload.cs:line 69\r\n   at IdentityServer3.Core.Models.TokenExtensions.CreateJwtPayload(Token token) in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Extensions\\TokenExtensions.cs:line 44\r\n   at IdentityServer3.Core.Services.Default.DefaultTokenSigningService.CreatePayload(Token token) in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Services\\Default\\DefaultTokenSigningService.cs:line 100\r\n   at IdentityServer3.Core.Services.Default.DefaultTokenSigningService.<CreateJsonWebToken>d__8.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Services\\Default\\DefaultTokenSigningService.cs:line 89\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at IdentityServer3.Core.Services.Default.DefaultTokenSigningService.<SignTokenAsync>d__0.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Services\\Default\\DefaultTokenSigningService.cs:line 69\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at IdentityServer3.Core.Services.Default.DefaultTokenService.<CreateSecurityTokenAsync>d__c.MoveNext() in 
c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Services\\Default\\DefaultTokenService.cs:line 259\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<CreateIdTokenFromRefreshTokenRequestAsync>d__33.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\ResponseHandling\\TokenResponseGenerator.cs:line 265\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)\r\n   at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<ProcessRefreshTokenRequestAsync>d__18.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\ResponseHandling\\TokenResponseGenerator.cs:line 194\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at IdentityServer3.Core.ResponseHandling.TokenResponseGenerator.<ProcessAsync>d__0.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\ResponseHandling\\TokenResponseGenerator.cs:line 61\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at 
IdentityServer3.Core.Endpoints.TokenEndpointController.<ProcessAsync>d__7.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\TokenEndpointController.cs:line 113\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at IdentityServer3.Core.Endpoints.TokenEndpointController.<Post>d__0.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\TokenEndpointController.cs:line 74\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Threading.Tasks.System.Web.Http910911.TaskHelpersExtensions.<CastToObject>d__3`1.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Tracing.ITraceWriterExtensions.<TraceBeginEndAsyncCore>d__18`1.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at 
System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Tracing.ITraceWriterExtensions.<TraceBeginEndAsyncCore>d__18`1.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__0.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of 
stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Tracing.Tracers.HttpControllerTracer.<ExecuteAsyncCore>d__5.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Tracing.ITraceWriterExtensions.<TraceBeginEndAsyncCore>d__18`1.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0\r\n--- End of stack trace from previous location where 
exception was thrown ---\r\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext() in c:\\local\\identity\\server3\\IdentityServer3\\source\\Core\\Endpoints\\Connect\\DiscoveryEndpointController.cs:line 0"

Cheers,
Mark

@shelly-skeens

I've just started working with IdentityServer3 refresh tokens, and I'm receiving this same error. Same error in log. Any ideas?

Thanks,
Shelly

@brockallen
Member

@leastprivilege

@shelly-skeens

My issue is related to not having an IdentityTokenLifetime specified. Of course my refresh grant now includes an id_token (which I am not using). This issue appears to be reported in #3621.

But at least I know what's going on!
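
Added example, not part of the original thread or the IdentityServer3 code base: a start-up audit that flags clients whose configured token lifetimes would make `exp` equal `nbf`, the condition behind the IDX10401 exception in the log above. `ClientLifetimes`, `LifetimeAudit` and the sample clients are hypothetical stand-ins; `AccessTokenLifetime` is included on the assumption that access tokens issued as JWTs go through the same payload construction.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for a client row loaded from the configuration store.
public sealed class ClientLifetimes
{
    public string ClientId { get; set; }
    public int IdentityTokenLifetime { get; set; } // seconds
    public int AccessTokenLifetime { get; set; }   // seconds (assumed to matter for JWT access tokens)
}

public static class LifetimeAudit
{
    // Same rule the IDX10401 message states: expires must be after notBefore.
    // A lifetime of 0 (or a negative value) yields expires <= notBefore.
    public static bool ProducesValidWindow(DateTime notBefore, int lifetimeSeconds)
    {
        return notBefore.AddSeconds(lifetimeSeconds) > notBefore;
    }

    public static IEnumerable<string> Audit(IEnumerable<ClientLifetimes> clients, DateTime now)
    {
        foreach (var c in clients)
        {
            if (!ProducesValidWindow(now, c.IdentityTokenLifetime))
                yield return $"{c.ClientId}: IdentityTokenLifetime={c.IdentityTokenLifetime}s gives exp <= nbf";
            if (!ProducesValidWindow(now, c.AccessTokenLifetime))
                yield return $"{c.ClientId}: AccessTokenLifetime={c.AccessTokenLifetime}s gives exp <= nbf";
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Sample clients constructed for this example.
        var clients = new[]
        {
            new ClientLifetimes { ClientId = "spa", IdentityTokenLifetime = 300, AccessTokenLifetime = 3600 },
            new ClientLifetimes { ClientId = "legacy-import", IdentityTokenLifetime = 0, AccessTokenLifetime = 3600 },
        };

        var findings = LifetimeAudit.Audit(clients, DateTime.UtcNow).ToList();
        findings.ForEach(Console.WriteLine);
        Environment.ExitCode = findings.Count == 0 ? 0 : 1; // non-zero exit fails the deployment step
    }
}
```

Run against the real client store at start-up or in a deployment check, this surfaces a zero lifetime before the token endpoint returns an unhandled exception on a refresh request.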
