
Blazor OpenIDDict Invalid Issuer


I have an intermittent issue that occasionally stops users from signing in to my site. When they log in, they are met with the error below after being redirected back from the OpenIddict server.

error: invalid_token
error_description: The issuer associated to the specified token is not valid.
error_uri: https://documentation.openiddict.com/errors/ID2088

I find that you can generally refresh the page and the error goes away, but I do not expect the average user to do so. I followed the Dantooine WebAssembly sample from OpenIddict. The odd thing about this issue is that it only happens in production, when the site is deployed to my Azure App Service.

Client Config:

#region OpedIdDict
// Service registration for the OpenIddict client host: EF Core store, antiforgery,
// cookie authentication, Quartz, the OpenIddict client itself, an authorization
// policy and a reverse proxy that forwards the user's access token.
// Values shown as "..." were elided by the author of the post.

// EF Core context on SQLite; UseOpenIddict() adds the OpenIddict entity sets to it.
// NOTE(review): the connection string is elided — if the app runs on more than one
// instance, confirm all instances see the same database file.
builder.Services.AddDbContext<ApplicationDbContext>(options =>
{
    options.UseSqlite(...);
    options.UseOpenIddict();
});

// Antiforgery cookie is restricted to same-site requests and to HTTPS.
builder.Services.AddAntiforgery(options =>
{
    options.HeaderName = ...;
    options.Cookie.Name = ...;
    options.Cookie.SameSite = SameSiteMode.Strict;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});

// Cookie authentication is the default scheme. The session has a fixed lifetime
// (ExpireTimeSpan) that is not extended on activity, since SlidingExpiration is false.
builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    options.LoginPath = ...;
    options.LogoutPath = ...;
    options.ExpireTimeSpan = ...;
    options.SlidingExpiration = false;
    options.ClaimsIssuer = ...;
});

// Quartz scheduler with an in-memory job store, so scheduling state is per process.
builder.Services.AddQuartz(options =>
{
    options.UseMicrosoftDependencyInjectionJobFactory();
    options.UseSimpleTypeLoader();
    options.UseInMemoryStore();
});

// On shutdown, wait for running jobs to finish.
builder.Services.AddQuartzHostedService(options => options.WaitForJobsToComplete = true);

builder.Services.AddOpenIddict()
    // Core: OpenIddict stores backed by the EF Core context above, plus the Quartz integration.
    .AddCore(options =>
    {
        options.UseEntityFrameworkCore().UseDbContext<ApplicationDbContext>();
        options.UseQuartz();
    })
    // Client: authorization code flow against the single registration below.
    .AddClient(options =>
    {
        options.AllowAuthorizationCodeFlow();

        // The same certificate is registered as both signing and encryption credential.
        // NOTE(review): how the certificate is obtained is elided — confirm every
        // production instance loads the same, persistent certificate, and that its
        // private key is not stored in source control.
        var certificate = ...;
        options.AddSigningCertificate(certificate);
        options.AddEncryptionCertificate(certificate);

        // ASP.NET Core host integration; the passthrough options hand redirection and
        // post-logout redirection requests on to the application's own endpoints.
        options.UseAspNetCore()
                .EnableStatusCodePagesIntegration()
                .EnableRedirectionEndpointPassthrough()
                .EnablePostLogoutRedirectionEndpointPassthrough();

        // System.Net.Http integration, with product information taken from this assembly.
        options.UseSystemNetHttp()
                .SetProductInformation(typeof(Program).Assembly);

        // NOTE(review): the reported error concerns issuer validation, and Issuer is
        // elided here — confirm it matches exactly what the authorization server
        // advertises in production. ClientSecret is also elided; presumably it is read
        // from configuration or a secret store rather than hard-coded — verify.
        options.AddRegistration(new OpenIddictClientRegistration
        {
            Issuer = ...,
            ClientId = ...,
            ClientSecret = ...,
            Scopes = { Scopes.Profile, Scopes.Email, Scopes.Phone },
            RedirectUri = new Uri(...),
            PostLogoutRedirectUri = new Uri(...)
        });
    });

// Policy that requires a user authenticated through the cookie scheme.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("CookieAuthenticationPolicy", builder =>
    {
        builder.AddAuthenticationSchemes(CookieAuthenticationDefaults.AuthenticationScheme);
        builder.RequireAuthenticatedUser();
    });
});

// Reverse proxy routes come from the "ReverseProxy" configuration section. The request
// transform reads the backchannel access token from the cookie authentication ticket
// and sends it as a Bearer Authorization header on the proxied request.
// NOTE(review): the token is not checked before use; presumably it is null for a
// request without a ticket — confirm the proxied routes require the policy above.
builder.Services.AddReverseProxy()
    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"))
    .AddTransforms(builder => builder.AddRequestTransform(async context =>
    {
        var token = await context.HttpContext.GetTokenAsync(
            scheme: CookieAuthenticationDefaults.AuthenticationScheme,
            tokenName: Tokens.BackchannelAccessToken);
        context.ProxyRequest.Headers.Authorization = new AuthenticationHeaderValue(Schemes.Bearer, token);
    }));

// Worker is defined elsewhere and is not shown in the post.
builder.Services.AddHostedService<Worker>();
#endregion
