API Gateway 10.7 OAuth token expiry date/time issue

API Gateway 10.7 Fix 6

I have configured API Gateway as an OAuth server. When invoking an API with a valid token, I get this error:

"Exception": "API Gateway encountered an error. Error Message:  Token specified is invalid or has expired.. Request Details: Service - <api name masked>, Operation - <resource path masked>, Invocation Time:11:53:44 AM, Date:Oct 9, 2021,  Client IP - <IP address masked>, User - Default and Application:sys:defaultApplication"

I am situated in the UK (BST) and servers are in Europe (CEST). Token is issued under GMT and I can see token expiration date is 2021-10-09 10:52:20 GMT in Administration->Security->JWT/OAuth/OpenID->local (authorization server)->OAuth Tokens. This corresponds to 2021-10-09 12:52:20 CEST.

It seems that API Gateway is not correctly calculating the token expiration when the API is invoked. Server timezone (CEST) is 2 hours ahead of GMT and therefore the date/time comparison is wrong. This did not happen in previous versions of API Gateway.

I sincerely appreciate any suggestions on how to resolve this issue.

Hi @Yunus_Aswat,

are you able to try again to register a new token and set the token to be expired in short time, try invoke the token and see whether the issue still happen?
if the issue still happen, I suggest you open an incident ticket to seek for help. Hope this will help you.


Hello Alex,

I take it you meant to say “register a new application”? That I did, but the same problem remains.

Obtaining the token works, using it doesn’t.


I found a OAuth authorization server scope to api scope mapping was missing. Once corrected, the api call worked.