Token has expired returns status 200

bokamera · June 16, 2020, 3:25pm

Hi,

the token has expired returns status 200.
Shouldnt it return some other status?

mythz · June 16, 2020, 3:57pm

Whenever posting questions that has anything to do with unexpected requests or responses or any other integration issues, please always include the raw HTTP Request / Response headers.

bokamera · June 17, 2020, 8:06am

Here is the request and response

GET https://api.bokamera.se/customers?CompanyId=00000000-0000-0000-0000-000000000014&IncludeCustomFieldValues=true200211 ms

GET /customers?CompanyId=00000000-0000-0000-0000-000000000014&IncludeCustomFieldValues=true HTTP/1.1

Content-Type: application/json

x-api-key: 53eeca6f-9eda-49cf-8832-7def10e355cf

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6Im1ROCJ9.eyJzdWIiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMjMiLCJpYXQiOjE1ODk5NzYyMzIsImV4cCI6MTU5MTE4NTgzMiwiZW1haWwiOiJkZW1vMTRAYm9va21lcmUubm8iLCJnaXZlbl9uYW1lIjoiS3Jpc3RpYW4iLCJmYW1pbHlfbmFtZSI6IkFuZGVyc3NvbiIsInByZWZlcnJlZF91c2VybmFtZSI6ImRlbW8xNEBib2thbWVyYS5zZSIsInJvbGVzIjpbIkFwcGxpY2F0aW9uQWRtaW4iXSwiTWVtYmVyc2hpcElkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDIzIiwiVXNlcklkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDIzIiwiQ29tcGFueVVzZXJJZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAyMyIsIkNvbXBhbnlJZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAxNCIsIkNvbXBhbnlDdXN0b21lcnMiOltdfQ.JmnEHd0Tr-7J5Y4rKePpKHQb5CQgKpgQJEJj1CCjeac

User-Agent: PostmanRuntime/7.25.0

Accept: /

Cache-Control: no-cache

Postman-Token: 693009e0-3c8c-426d-afa7-622857c46845

Host: api.bokamera.se

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Cookie: ss-pid=32e1D5H0qQT1rdzZlPha; ss-opt=perm

HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 40

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/10.0

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Set-Cookie: ARRAffinity=db2850a1ad9d5cc171600a50c7d0c1b828a513bbb433ae95bf41cfb1b9629cfb;Path=/;HttpOnly;Domain=api.bokamera.se

Date: Wed, 17 Jun 2020 07:59:17 GMT

Error: TokenException: Token has expired

mythz · June 17, 2020, 2:53pm

The integration tests verify that Expired JWT Tokens return a 401 StatusCode in all built-in Auth Repo’s:

github.com

ServiceStack/ServiceStack/blob/master/tests/ServiceStack.Server.Tests/Auth/StatelessAuthTests.cs#L1290


    var client = GetClientWithBearerToken(token);


    try
    {
        var request = new Secured { Name = "test" };
        var response = client.Send(request);
        Assert.Fail("Should throw");
    }
    catch (WebServiceException ex)
    {
        Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
        Assert.That(ex.ErrorCode, Is.EqualTo(typeof(TokenException).Name));
    }
}


[Test]
public void Can_Auto_reconnect_with_BasicAuth_after_expired_token()
{
    var authClient = GetClientWithUserPassword(alwaysSend: true);


    var called = 0;

Also as you’ve issued a JSON request you should get a structured JSON Error Response that looks like:

{"ResponseStatus":{"ErrorCode":"TokenException","Message":"Token has expired"}}

But you’re getting a plain text response instead:

Error: TokenException: Token has expired

The HTTP Response Headers should also be returning ServiceStack info for X-Powered-By to indicate the response came from ServiceStack, e.g:

X-Powered-By: ServiceStack/5.91 Net45/Windows

So it could be that you have an IIS / ASP .NET handler interfering with the response.

But could be because your Accept HTTP Request Header is invalid, if you didn’t want to explicitly specify which content type should be returned, i.e. (Accept: application/json) you can use the wildcard to accept any Content-Type, e.g:

Accept: */*

But the recommended Accept header is to be explicit with which Content-Type you want returned, i.e:

Accept: application/json