401 unauthenticated errors returned after updating from 7.0.7 to 7.0.8 on every webapp deployment #1529

Open
Kas-code opened this issue Jan 2, 2025 · 1 comment


Kas-code commented Jan 2, 2025

Which version of Duende IdentityServer are you using?

Currently using 7.0.8 - The issue was not happening with 7.0.7

Which version of .NET are you using?

.NET 8

Describe the bug

We are using an app service in Microsoft Azure to host our web API. Users get a token from IdentityServer to authenticate with our API.
The Webapp in Azure uses slots for deployment.
Whenever we run a deployment, we have a pipeline that deploys to the staging slot, then swaps the slots.
Using version 7.0.7 of Duende.IdentityServer this worked fine. Users who were using the webapp at the time of deployment could continue using it with no noticeable effects when the slots were swapped.

After updating to 7.0.8 of Duende.IdentityServer, if users are actively using the webapp during a deployment, then they get a 401 unauthorised error for every API request after the slots are swapped. It seems that their token becomes invalid and has to be refreshed. All users become unauthenticated after the deployment until they log out and log back in to our application or wait half an hour (half an hour seems to be the amount of time it takes for the token to automatically renew). We get a massive barrage of 401 errors observed on AppInsights with every deployment. Clearly this is a very bad user experience to have to log out and log back in whenever we release a new version of our webapp.

My guess is that something changed in version 7.0.8 of Duende.IdentityServer that causes users' auth tokens to be wiped when the deployment restarts the web server; this didn't happen in previous versions, though.

As a temporary workaround, we've implemented the following in our axios global config on the front end: if any web request returns a 401, then the app performs a new silent sign-in request to refresh the user's auth token automatically, which resolves the problem of the user having to log out and log back in. However, it is not ideal, as the request that the user made at the time causing the 401 will not get through; for example, if the user was saving a record at the time, they will need to save it again.

To Reproduce

Deployment of the webapp on version 7.0.8 reproduces the issue every time.

Expected behavior

Users should be able to continue using the app after deployments with the same auth token.
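
The workaround described in the issue loses the request that triggered the 401. One way to avoid that, shown as an added example that is not part of the original issue or of Duende's code: a transport-agnostic wrapper that renews the token once for any number of concurrent 401s and replays each rejected request a single time. `createAuthClient`, `send` and `renewToken` are hypothetical names, the fake API and token values are constructed, and the replay assumes the API rejects a 401 request before acting on it.

```javascript
// Added example; createAuthClient, send and renewToken are hypothetical names.
// send(request, token) -> Promise<{status, body}>; renewToken() -> Promise<string>
function createAuthClient({ send, renewToken, initialToken }) {
  let token = initialToken;
  let renewal = null; // in-flight renewal shared by all callers (single flight)

  function renewOnce(staleToken) {
    // Another caller already renewed while this request was in flight.
    if (token !== staleToken) return Promise.resolve(token);
    if (!renewal) {
      renewal = renewToken()
        .then((fresh) => { token = fresh; return fresh; })
        .finally(() => { renewal = null; });
    }
    return renewal;
  }

  async function request(req) {
    const used = token;
    const first = await send(req, used);
    if (first.status !== 401) return first;
    // Assumed rejected before processing: renew, then replay exactly once.
    const fresh = await renewOnce(used);
    return send(req, fresh); // a second 401 goes back to the caller, no loop
  }

  return { request };
}

// Constructed fake API that accepts only "token-v2", as after a slot swap.
function demo() {
  const calls = { renew: 0, saved: [] };
  const send = async (req, tok) => {
    if (tok !== "token-v2") return { status: 401 };
    calls.saved.push(req.body);
    return { status: 200, body: req.body };
  };
  const renewToken = async () => { calls.renew += 1; return "token-v2"; };
  const client = createAuthClient({ send, renewToken, initialToken: "token-v1" });
  // Three saves issued at once, all carrying the stale token.
  const pending = ["a", "b", "c"].map((body) => client.request({ url: "/records", body }));
  return Promise.all(pending).then((responses) => ({ responses, calls }));
}
```

With axios, the same logic would sit in a response interceptor, with `renewToken` wrapping the silent sign-in call.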

@AndersAbel
Member

There could be multiple causes for this. I would like to start with excluding a basic configuration error. Could you please review https://docs.duendesoftware.com/dataprotection and validate that this is not a data protection issue?
