"IDX10223: Lifetime validation failed. The token is expired." is thrown when working with Azure AD using Microsoft.Owin.Security.OpenIdConnect

I'm integrating "Microsoft Azure AD" into our ASP.NET web projects. Everything works fine following the guide shown at , even when I deploy it to IIS 8.5. However, things go bad when I keep the page open in Chrome for one night and try to access it again the next morning by doing a refresh; it runs into the exception:

Server Error in '/' Application.
--------------------------------------------------------------------------
IDX10223: Lifetime validation failed. The token is expired.
ValidTo: '05/19/2016 10:45:59'
Current time: '05/19/2016 21:46:31'.

Has anybody experienced the same problem? How can I refresh the token? I tried signing out directly and changing the public address, but none of it works.

BTW, I did some research, but all that is mentioned is that it has been resolved in "AspNet.Security.OpenIdConnect.Server" instead of "Microsoft.Owin.Security.OpenIdConnect".

1

5 Answers

I had a similar "IDX10222" error. After setting the Windows time zone to automatic and rebooting the system, I was able to sign in.

Additionally, I had to add "Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;" to be able to see the dates and times here: The token is not yet valid. ValidFrom: '[PII is hidden. For more details, see ]', Current time: '[PII is hidden. For more details, see ]'.

I am having the same problem. Someone on the git here is saying it's a bug, but I think it's related to your machine time, because the OpenID Connect OAuth token is valid for 1 hour. If your machine's time settings are wrong, then it behaves like this. You can change the time to test this. Please clear your browser cookies too, so the framework does not use older cookies.

3

In our case, this was a Docker container issue. Leaving the PC to hibernate, combined with a Docker update of some kind, left the Docker container stuck in time. A Docker cleanup and a machine reboot sorted it.

In my case, the date/time settings of Windows Pro 10 (the device I was using to log in) were not set to automatic. Setting it to get the date/time automatically solved the issue.

1

In my case, the Identity Server's time was ahead of my machine's, where I was consuming the service. After setting the correct time, you can also try clearing browser cookies.

1
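The two lifetime checks discussed in this thread (IDX10222 "not yet valid" and IDX10223 "expired"), as an added diagnostic example that is not code from any poster or from the Microsoft libraries. It assumes a five-minute tolerance matching the default `ClockSkew` of `TokenValidationParameters`, treats the question's timestamps as UTC, and uses hypothetical function names and a constructed unsigned sample token. The returned margin helps tell a stale token (hours overdue) from clock drift between machines (minutes off).

```python
import base64
import json
from datetime import datetime, timedelta, timezone

# Assumption: 5 minutes, the default TokenValidationParameters.ClockSkew.
CLOCK_SKEW = timedelta(minutes=5)


def make_sample_jwt(valid_from, valid_to):
    """Build a constructed, unsigned JWT carrying only nbf/exp (sample input)."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"nbf": int(valid_from.timestamp()), "exp": int(valid_to.timestamp())}
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."


def read_lifetime(jwt):
    """Decode nbf/exp from the payload segment. No signature check: diagnosis only."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    to_utc = lambda s: datetime.fromtimestamp(s, tz=timezone.utc)
    return to_utc(claims["nbf"]), to_utc(claims["exp"])


def diagnose(jwt, now, skew=CLOCK_SKEW):
    """Return (code, margin): which lifetime check fails and by how much."""
    valid_from, valid_to = read_lifetime(jwt)
    if valid_from > now + skew:
        return "IDX10222", valid_from - now  # not yet valid: local clock likely behind
    if valid_to < now - skew:
        return "IDX10223", now - valid_to    # expired: stale token or local clock ahead
    return "OK", timedelta(0)


if __name__ == "__main__":
    # Timestamps from the question's error page, assumed here to be UTC.
    exp = datetime(2016, 5, 19, 10, 45, 59, tzinfo=timezone.utc)
    token = make_sample_jwt(exp - timedelta(hours=1), exp)  # 1-hour token lifetime
    print(diagnose(token, datetime(2016, 5, 19, 21, 46, 31, tzinfo=timezone.utc)))
    # Same token seen by a machine whose clock runs 10 minutes behind the issuer.
    print(diagnose(token, exp - timedelta(hours=1, minutes=10)))
```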
