Not active oauth tokens after reboot

Question

Hi,I have an oauth profile what generates opaque oauth tokens with long lifetimes.I originally thought the tokens where invalidated after an upgrade or even a failover. Now after testing they are indentified as "Not active" in the APM log. The tokens work just right after generating them.Also, despite the long lifetime setup in the oauth profile, the tmsh commands lists the tokens with same dates on issue and expiry, for both access and refresh tokens. So the tokens seem to be generated with wrong expiry dates.&nbsp;I've noticed this in the production cluster, and am able to test in a standalone non-production device.&nbsp;I have several cases escalated with F5 support but I have no real significant replies and tests to do since weeks. So I am unfortunately asking here to see if anybody has ideas to test or troubleshoot.&nbsp;Thanks.Lloyd&nbsp;&nbsp;&nbsp;&nbsp;

lucas_thompson · Answer

The oauth code in APM has mechanisms for syncing the token DB over to an HA peer, so it should survive a failover.
If the tokens aren't being generated with the right dates, then nothing will work right. I'd begin troubleshooting that before anything else because it's fairly basic. It seems unlikely that APM OAuth AS is completely broken with the default or default-ish settings.&nbsp;Can you share information about the "long lifetime" set up in your oauth profile so we can try it in a basic lab setup?

Forum Discussion

Not active oauth tokens after reboot

Recent Discussions

APM RDP custom parameters

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Related Content

iControl REST Authentication Token Management

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Rebooting HA pair

set TOKEN [getfield [HTTP::uri]

JSON Web Token (JWT) Parser

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS