Throw "IDX10223: Lifetime validation failed. The token is expired." when working Azure AD with Microsoft.Owin.Security.OpenIdConnect

Question

I'm integrating the "Microsoft Azure AD" to our Asp.NET web projects, all works fine following the guide shown at https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-webapp-dotnet/, even I deploy it to IIS 8.5. However, thing goes bad when I keep the page in Chrome for one night and try to access it again the next morning by doing a refresh, it runs into the exception:

Server Error in '/' Application.
--------------------------------------------------------------------------
IDX10223: Lifetime validation failed. The token is expired.
ValidTo: '05/19/2016 10:45:59'
Current time: '05/19/2016 21:46:31'.

Anybody experienced the same problem? How can I refresh the Token? I tried doing Signout directly and changed the public address, but all doesn't work.

BTW, I did some research, but all mentioned is that it has been resolved in "AspNet.Security.OpenIdConnect.Server" instead of "Microsoft.Owin.Security.OpenIdConnect".

Answer 1

In our case, this was a Docker container issue. After leaving the PC to hibernate, combined with a Docker update of some kind, equalled the Docker container stack in time. A Docker cleanup and a machine reboot, sorted it.

Answer 2

I had a similar "IDX10222" error, after setting the windows time zone to automatic and rebooting the system was able to sign in.

Additionally had to add "Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;" to be able to see date and times here - The token is not yet valid. ValidFrom: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII ]', Current time: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII ]'.

Answer 3

I am having that same problem, Someone on the git here saying its bug https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/issues/191 but I think its related to your machine time because OpenidConnect OAuth token is valid for 1 hour. If your machine time settings is wrong then it behave like this. You can change the time try to test this. please clear your browser cookies too so framework not use older cookies.

Answer 4

In my case, my date/time settings of Windows Pro 10 (the device I was using to login) was not set automatic. Setting it to get date/time automatic solved the issue.