Not active oauth tokens after reboot

Question

Hi,I have an oauth profile what generates opaque oauth tokens with long lifetimes.I originally thought the tokens where invalidated after an upgrade or even a failover. Now after testing they are indentified as "Not active" in the APM log. The tokens work just right after generating them.Also, despite the long lifetime setup in the oauth profile, the tmsh commands lists the tokens with same dates on issue and expiry, for both access and refresh tokens. So the tokens seem to be generated with wrong expiry dates.&nbsp;I've noticed this in the production cluster, and am able to test in a standalone non-production device.&nbsp;I have several cases escalated with F5 support but I have no real significant replies and tests to do since weeks. So I am unfortunately asking here to see if anybody has ideas to test or troubleshoot.&nbsp;Thanks.Lloyd&nbsp;&nbsp;&nbsp;&nbsp;

lucas_thompson · Answer

The oauth code in APM has mechanisms for syncing the token DB over to an HA peer, so it should survive a failover.
If the tokens aren't being generated with the right dates, then nothing will work right. I'd begin troubleshooting that before anything else because it's fairly basic. It seems unlikely that APM OAuth AS is completely broken with the default or default-ish settings.&nbsp;Can you share information about the "long lifetime" set up in your oauth profile so we can try it in a basic lab setup?

Forum Discussion

Not active oauth tokens after reboot

1 Reply

Recent Discussions

How to add a new DNS(gtm) to the existing network?

Failed to add new DNS machine to the existing DNS sync-group

Email Notification Sent For The Configuration Change

F5 Malicious Source IP Address Alert

F5 APM Variable Assign agent

Related Content

iControl REST Authentication Token Management

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Rebooting HA pair

set TOKEN [getfield [HTTP::uri]

api token timeout change