Hello guys,
I have an issue where valid tokens from my frontend, when introspected on the back end give me a token expired message. Even though the tokens are still valid
The issue is definitely not the exp value. Because when u decode the token the value is valid.
The worst part is that just restarting the server at times solves the issue. So it's difficult to replicate
, to clarify, are you saying a valid token is getting an expired message back when calling the /oauth2/introspect
endpoint?
I can’t think of any reasons restarting your server would affect the token or the requests to the endpoint. The only thing I can think of is there is some local validation happening and the server clock has drifted and is not in sync, as most validation libraries will use the local server time.
One of the main benefits of JWTs is they can be validated without an external request, for most cases we would recommend just validating the tokens locally.