Expired Bearer Token Issue

We are from time to time seeing a recurring warning in the Litium log looking like this:

    2018-06-27 13:00:12.8686 [WARN ] [] Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware - expired bearer token received

It can happen up to 70 times per second for periods of time and I’m trying to investigate if that is connected to a slowdown in the application we’re seeing.

I’ve also gone ahead and investigated the IIS log around this time to see who is causing all those requests. (I believe timestamps differ because I believe one is UTC and one is server local time.) I found A LOT of requests coming in looking like this. It most likely looks like requests the website itself is causing… via JavaScript?

    2018-06-27 11:00:03 xx.xx.xx.xx POST /Litium/AppDirect/Token - 443 - xx.xx.xx.xx Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_13_5)+AppleWebKit/605.1.15+(KHTML,+like+Gecko)+Version/11.1.1+Safari/605.1.15 https://[our-domain]/Litium/CMS/Pages.aspx?CMS_SP_ID=daca1ea8-f949-4029-b54f-d677485acfd2 401 0 0 5157 1857 0

(I have removed IP addresses and such)

Anything you’ve seen before?

Litium version: 6.1.1, 6.1.2-patch-1806080803

It is from the back office, where a token that was used by the client was expiring.

Turn off the logging with the following row in nlog.config

    <logger name="Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware" minlevel="Trace" writeTo="BlackHole" final="true" />

Thanks for the quick reply. Is the solution to turn off logging though? It’s over 70 requests per second, it’s basically DDOS:ing itself right? :wink:

I don’t know the scenario that is triggering the endpoint being requested in that way, but we are investigating that, and until we have a solution in place, turning off the logging is good to not bloat the log file with all the rows.

https://docs.litium.com/support/bugs/bug_details?id=44216
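
The IIS-log check described in the first post, as an added example that is not part of the original thread or of Litium: it counts rejected calls to the token endpoint per second, client and referer, so the burst rate can be measured before the warning is silenced. The field names are standard IIS W3C names read from the `#Fields:` directive; the sample lines, addresses and function names are constructed for illustration.

```python
from collections import Counter

TOKEN_PATH = "/Litium/AppDirect/Token"  # endpoint seen in the IIS line in the thread

# Constructed sample (not real traffic); IPs and host are documentation values.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip cs(Referer) sc-status
2018-06-27 11:00:03 POST /Litium/AppDirect/Token 198.51.100.7 https://shop.example/Litium/CMS/Pages.aspx 401
2018-06-27 11:00:03 POST /Litium/AppDirect/Token 198.51.100.7 https://shop.example/Litium/CMS/Pages.aspx 401
2018-06-27 11:00:03 POST /Litium/AppDirect/Token 198.51.100.7 https://shop.example/Litium/CMS/Pages.aspx 401
2018-06-27 11:00:03 GET /Litium/CMS/Pages.aspx 198.51.100.7 - 200
2018-06-27 11:00:04 POST /Litium/AppDirect/Token 203.0.113.9 https://shop.example/Litium/ 200
2018-06-27 11:00:04 POST /litium/appdirect/token 198.51.100.7 https://shop.example/Litium/CMS/Pages.aspx 401
"""


def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def rejected_token_calls(lines, path=TOKEN_PATH, status="401"):
    """Count rejected token requests per (log second, client IP, referer)."""
    counts = Counter()
    for row in parse_w3c(lines):
        same_path = row.get("cs-uri-stem", "").lower() == path.lower()
        if same_path and row.get("sc-status") == status:
            second = f"{row.get('date', '-')} {row.get('time', '-')}"
            counts[(second, row.get("c-ip", "-"), row.get("cs(Referer)", "-"))] += 1
    return counts


def bursts(counts, threshold):
    """Return (key, count) pairs at or above the threshold, busiest first."""
    return [(key, n) for key, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    found = bursts(rejected_token_calls(SAMPLE_LOG.splitlines()), threshold=2)
    for (second, ip, referer), n in found:
        print(f"{second} {ip}: {n} rejected token calls, referer {referer}")
```

Grouping by referer shows which back office page the calls come from, which is the detail the IIS line in the question already hints at.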