API does not store keys from IdentityServer to validate tokens

I have two machines: one is an identity server (IS) and the second is a REST API.
A user logs in through the API, a POST goes to IS, and in response IS returns a JWT.
The user authenticates himself to the API with each data request.
Everything was working fine, but today I noticed that there is an unusually high load on my IS.
It turns out that every time the user queries the API for data, the API sends a request to IS.
But the API should check by itself whether the token is correct.

API is on .NET 6 and LicenseServer is on .NET Core 2.1

API sends out as many as two requests to IS for each user request:
  1. GET /.well-known/openid-configuration/jwks HTTP/1.1
    IS response -> HTTP: HTTP/1.1 200 OK
  2. POST /connect/token HTTP/1.1
    IS response -> HTTP/1.1 400 Bad Request
And this is happening after the user has already successfully logged in.

IS setup:
    new Client
    {
        ClientId = "native_clien", // value is cut off in the original post
        AllowedGrantTypes = new[] { "password", "client_credentials", "external" },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 600, //86400,
        IdentityTokenLifetime = 600, //86400,
        UpdateAccessTokenClaimsOnRefresh = true,
        AbsoluteRefreshTokenLifetime = 2592000,
        AllowOfflineAccess = true,
        RefreshTokenExpiration = TokenExpiration.Absolute,
        RefreshTokenUsage = TokenUsage.OneTimeOnly,
        AlwaysSendClientClaims = true,
        Enabled = true,
        RequireClientSecret = true,
        ClientSecrets = new List<Secret>
        {
            new Secret(configuration.GetConnectionString("NativeClientApiKey").Sha256()),
        },
        AllowedScopes = new List<string>
        {
            "api_default",
            "offline_access",
        }
    },

API setup:
    services.AddAuthentication(o =>
        {
            o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(o =>
        {
            o.Authority = configuration.GetSection("IsHost").Value;
            o.RequireHttpsMetadata = true;
            o.Audience = "api_default";
        });

I get 2x more load on IS than on the API, when there should be a few dozen requests per day, not tens of thousands.
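
Added example, not part of the original post: a small console program that shows the caching behaviour the question expects, using the `ConfigurationManager<OpenIdConnectConfiguration>` type from the Microsoft.IdentityModel.Protocols.OpenIdConnect package. `CountingRetriever`, the `is.example` host and the JSON documents are constructed for illustration; the retriever replaces real HTTP so the program runs offline and counts every metadata/JWKS fetch.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical stand-in for the identity server: serves constructed documents
// and counts how many times it is asked for them.
sealed class CountingRetriever : IDocumentRetriever
{
    public int Requests;

    public Task<string> GetDocumentAsync(string address, CancellationToken cancel)
    {
        Interlocked.Increment(ref Requests);
        Console.WriteLine($"GET {address}");
        // Constructed sample documents; the host name is a placeholder.
        string body = address.EndsWith("/jwks")
            ? "{\"keys\":[]}"
            : "{\"issuer\":\"https://is.example\"," +
              "\"jwks_uri\":\"https://is.example/.well-known/openid-configuration/jwks\"}";
        return Task.FromResult(body);
    }
}

static class Program
{
    static async Task Main()
    {
        var retriever = new CountingRetriever();
        // One long-lived manager, reused for every simulated API request.
        var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
            "https://is.example/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever(),
            retriever);

        for (int i = 0; i < 1000; i++)
            await manager.GetConfigurationAsync(CancellationToken.None);

        // Compare this number with the 1000 requests served above.
        Console.WriteLine($"requests served: 1000, fetches from IS: {retriever.Requests}");
    }
}
```

When the manager is reused, the discovery document and the JWKS are fetched on the first call and served from cache afterwards. A fetch count that grows with the request count, as in the traffic described in the post, indicates that the cached configuration is being rebuilt or refreshed on each request.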