API Gateway 10.7 OAuth token expiry date/time issue

API Gateway 10.7 Fix 6

I have configured API Gateway as an OAuth server. When invoking an API with a valid token, I get this error:

{
"Exception": "API Gateway encountered an error. Error Message:  Token specified is invalid or has expired.. Request Details: Service - <api name masked>, Operation - <resource path masked>, Invocation Time:11:53:44 AM, Date:Oct 9, 2021,  Client IP - <IP address masked>, User - Default and Application:sys:defaultApplication"
}

I am situated in the UK (BST) and servers are in Europe (CEST). Token is issued under GMT and I can see token expiration date is 2021-10-09 10:52:20 GMT in Administration->Security->JWT/OAuth/OpenID->local (authorization server)->OAuth Tokens. This corresponds to 2021-10-09 12:52:20 CEST.

It seems that API Gateway is not correctly calculating the token expiration when the API is invoked. Server timezone (CEST) is 2 hours ahead of GMT and therefore the date/time comparison is wrong. This did not happen in previous versions of API Gateway.

I sincerely appreciate any suggestions on how to resolve this issue.

Hi @Yunus_Aswat,

are you able to try again to register a new token and set the token to be expired in short time, try invoke the token and see whether the issue still happen?
if the issue still happen, I suggest you open an incident ticket to seek for help. Hope this will help you.

Thanks

Hello Alex,

I take it you meant to say “register a new application”? That I did, but the same problem remains.

Obtaining the token works, using it doesn’t.

Regards

I found a OAuth authorization server scope to API scope mapping was missing. Once corrected, the API call worked.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.