Token has expired returns status 200


the token has expired returns status 200.
Shouldnt it return some other status?

Whenever posting questions that has anything to do with unexpected requests or responses or any other integration issues, please always include the raw HTTP Request / Response headers.

Here is the request and response

GET ms

GET /customers?CompanyId=00000000-0000-0000-0000-000000000014&IncludeCustomFieldValues=true HTTP/1.1

Content-Type: application/json

x-api-key: 53eeca6f-9eda-49cf-8832-7def10e355cf


User-Agent: PostmanRuntime/7.25.0

Accept: /

Cache-Control: no-cache

Postman-Token: 693009e0-3c8c-426d-afa7-622857c46845


Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Cookie: ss-pid=32e1D5H0qQT1rdzZlPha; ss-opt=perm

HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 40

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/10.0

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Set-Cookie: ARRAffinity=db2850a1ad9d5cc171600a50c7d0c1b828a513bbb433ae95bf41cfb1b9629cfb;Path=/;HttpOnly;

Date: Wed, 17 Jun 2020 07:59:17 GMT

Error: TokenException: Token has expired

The integration tests verify that Expired JWT Tokens return a 401 StatusCode in all built-in Auth Repo’s:

Also as you’ve issued a JSON request you should get a structured JSON Error Response that looks like:

{"ResponseStatus":{"ErrorCode":"TokenException","Message":"Token has expired"}}

But you’re getting a plain text response instead:

Error: TokenException: Token has expired

The HTTP Response Headers should also be returning ServiceStack info for X-Powered-By to indicate the response came from ServiceStack, e.g:

X-Powered-By: ServiceStack/5.91 Net45/Windows

So it could be that you have an IIS / ASP .NET handler interfering with the response.

But could be because your Accept HTTP Request Header is invalid, if you didn’t want to explicitly specify which content type should be returned, i.e. (Accept: application/json) you can use the wildcard to accept any Content-Type, e.g:

Accept: */*

But the recommended Accept header is to be explicit with which Content-Type you want returned, i.e:

Accept: application/json