Invalid refresh tokens after apppool recycle #430

Closed
joelnotified opened this issue Aug 18, 2017 · 3 comments

@joelnotified

commented Aug 18, 2017

Hi!
I have password flow with refresh tokens set up according to your examples and everything works as expected when running on localhost.

When deployed to IIS, we receive a 400 Bad Request {"error":"invalid_grant","error_description":"The specified refresh token is invalid."} when trying to refresh a token after the application pool has been recycled.

I'm guessing there is something that is being held in memory regarding the refresh tokens, and that memory is dropped when the pool is recycled.

Is this the expected behaviour or should a refresh work after a recycle?

@PinpointTownes

Contributor

commented Aug 18, 2017

Hi @joelnotified,

When deploying your app to IIS, you must configure Data Protection to ensure it uses a persisted key ring. See https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview for more information.

@joelnotified

Author

commented Aug 21, 2017

That did the trick. Thank you! Haven't read up on .NET Core enough I guess.

@sir-boformer


commented Oct 2, 2018

If you stumble across this issue, various solutions can be found here:

https://stackoverflow.com/questions/37099136/aspnet-core-using-in-memory-repo-for-data-protection-when-running-in-iis

Running this shell script for every AppPool seems to be the best solution.
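
Added example, not part of the thread and not the project's own code: a small console program that simulates an application pool recycle and shows why a payload protected with an in-memory Data Protection key ring can no longer be unprotected afterwards, while one protected with a persisted key ring can. It assumes the refresh token is a Data Protection payload, as the reply above implies; the purpose string, payload and key directory are constructed for the demonstration.

```csharp
// Requires the Microsoft.AspNetCore.DataProtection.Extensions package.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

public static class KeyRingRecycleDemo
{
    // Hypothetical purpose string; real token handlers use their own.
    private const string Purpose = "Demo.RefreshToken";

    // Returns true when a payload protected before a simulated restart
    // can still be unprotected by a provider created after it.
    public static bool SurvivesRestart(Func<IDataProtectionProvider> createProvider)
    {
        // "Before the recycle": protect a constructed token payload.
        string token = createProvider()
            .CreateProtector(Purpose)
            .Protect("constructed-refresh-token-payload");
        try
        {
            // "After the recycle": a fresh provider must find the same key.
            createProvider().CreateProtector(Purpose).Unprotect(token);
            return true;
        }
        catch (CryptographicException)
        {
            // The key is not in the new key ring, which is the condition
            // the server reports as invalid_grant.
            return false;
        }
    }

    public static void Main()
    {
        // In-memory key ring: every provider instance generates its own keys,
        // so they vanish with the process.
        Console.WriteLine("ephemeral key ring survives restart: " +
            SurvivesRestart(() => new EphemeralDataProtectionProvider()));

        // Persisted key ring: keys are written to and reloaded from disk.
        // Constructed demo directory; use a locked-down path in production.
        var keyDir = new DirectoryInfo(
            Path.Combine(Path.GetTempPath(), "demo-keyring"));
        Console.WriteLine("persisted key ring survives restart: " +
            SurvivesRestart(() => DataProtectionProvider.Create(keyDir)));
    }
}
```

In an ASP.NET Core application the equivalent configuration is `services.AddDataProtection().PersistKeysToFileSystem(...)`. The key directory holds the keys that protect every issued token, so restrict it to the application pool identity and encrypt the keys at rest (for example with `ProtectKeysWithDpapi` or `ProtectKeysWithCertificate`).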
