API Gateway 10.7 Fix 6
I have configured API Gateway as an OAuth server. When invoking an API with a valid token, I get this error:
{
"Exception": "API Gateway encountered an error. Error Message: Token specified is invalid or has expired.. Request Details: Service - <api name masked>, Operation - <resource path masked>, Invocation Time:11:53:44 AM, Date:Oct 9, 2021, Client IP - <IP address masked>, User - Default and Application:sys:defaultApplication"
}
I am situated in the UK (BST) and servers are in Europe (CEST). Token is issued under GMT and I can see token expiration date is 2021-10-09 10:52:20 GMT in Administration->Security->JWT/OAuth/OpenID->local (authorization server)->OAuth Tokens. This corresponds to 2021-10-09 12:52:20 CEST.
It seems that API Gateway is not correctly calculating the token expiration when the API is invoked. Server timezone (CEST) is 2 hours ahead of GMT and therefore the date/time comparison is wrong. This did not happen in previous versions of API Gateway.
I sincerely appreciate any suggestions on how to resolve this issue.