Hi all,
Our application consists of an Angular app with a ServiceStack API (.NET Framework 4.7.2). For authentication, we are using IdentityServer4.
The workflow for an authentication is as follows:
- User opens the Angular app
- User clicks the “login” button, and the Angular application redirects the user to IdentityServer4
- IdentityServer validates the user credentials and issues an access_token
- Angular app calls the ServiceStack API with the access_token (JWT) issued by IdentityServer
We now have the issue that under some mysterious circumstances, the API is refusing to accept the access_token. After a refresh of the Angular app, exactly the same access_token is being accepted.
We believe that this has to do with the access_token not yet being valid (nbf time of the JWT). This can happen if the time is not 100% in sync between the IdentityServer and the API server.
Do you know if there is a possibility to add a leeway into the validation of the nbf time on the API side?
This is our current configuration:
```csharp
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
    new IAuthProvider[]
    {
        new JwtAuthProviderReader(AppSettings)
        {
            // Copy the token's "role" claim onto the session
            PopulateSessionFilter = (session, payload, req) =>
            {
                session.Roles = new List<string>() { payload["role"] };
            },
            AuthRealm = xxx,
            Audience = "api1",
            // Tokens are also accepted over plain HTTP
            RequireSecureConnection = false,
            HashAlgorithm = "RS256",
            PrivateKey = xx,
            PublicKey = xx
        }
    })
    {
        IncludeAssignRoleServices = false,
        IncludeRegistrationService = false
    }
);
```
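
A small diagnostic for the suspected cause, as an added example that is not part of the original post and does not use ServiceStack's API: it reads `nbf` and `exp` from a token's payload and evaluates them against a given clock, with and without leeway. The class and method names, the regex-based claim extraction and the sample token are constructed for illustration; the payload is read without verifying the signature, which stays the job of the JWT provider.

```csharp
using System;
using System.Text;
using System.Text.RegularExpressions;

public enum TimeCheck { Valid, NotYetValid, Expired }

public static class JwtTimeClaims   // hypothetical helper, for diagnostics only
{
    // Decode the payload segment of a compact JWT (header.payload.signature) to JSON text.
    public static string DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(b64));
    }

    // Read a numeric-date claim (seconds since the Unix epoch); null if the claim is absent.
    public static long? ReadNumericDate(string payloadJson, string claim)
    {
        var m = Regex.Match(payloadJson, "\"" + Regex.Escape(claim) + "\"\\s*:\\s*(\\d+)");
        return m.Success ? long.Parse(m.Groups[1].Value) : (long?)null;
    }

    // Leeway widens the validity window on both ends to absorb clock skew.
    public static TimeCheck Check(long? nbf, long? exp, DateTimeOffset now, TimeSpan leeway)
    {
        if (nbf.HasValue && now + leeway < DateTimeOffset.FromUnixTimeSeconds(nbf.Value)) return TimeCheck.NotYetValid;
        if (exp.HasValue && now - leeway >= DateTimeOffset.FromUnixTimeSeconds(exp.Value)) return TimeCheck.Expired;
        return TimeCheck.Valid;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed token: header and signature are dummies, only the payload matters here.
        var json = "{\"nbf\":1700000000,\"exp\":1700003600,\"aud\":\"api1\"}";
        var seg = Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var payload = JwtTimeClaims.DecodePayload("e30." + seg + ".sig");
        var nbf = JwtTimeClaims.ReadNumericDate(payload, "nbf");
        var exp = JwtTimeClaims.ReadNumericDate(payload, "exp");
        // Simulated API server clock running 3 seconds behind the issuer.
        var apiNow = DateTimeOffset.FromUnixTimeSeconds(nbf.Value - 3);
        Console.WriteLine("strict:      " + JwtTimeClaims.Check(nbf, exp, apiNow, TimeSpan.Zero));
        Console.WriteLine("30s leeway:  " + JwtTimeClaims.Check(nbf, exp, apiNow, TimeSpan.FromSeconds(30)));
    }
}
```

Passing `DateTimeOffset.UtcNow` and a rejected token from the API server's logs shows how many seconds the server clock trails the token's `nbf` at the moment of rejection.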