ASP.NET Core 5 Identity reset password token is randomly invalid
Using IdentityServer4 + ASP.NET Core Identity with .NET 5.
Our password reset endpoint throws errors, however, if I re-send the request a few times (the exact same request), it works again.
Here's a summary of our process: after the user verifies, I generate the password reset token like this:
Then I pass this token to the front end, which sends this token to the password reset endpoint, where this token is validated:
The
This issue only occurs in our production environment; our testing environments do not exhibit this problem. The issue seems isolated to the
Steps I've taken so far:
Verified that the token generated by
Ensured the token is sent in the request body to prevent encoding/decoding mismatches.
Confirmed that the
Any idea what could be causing this? at this point I'm feeling lost and don't know where to look. One suspicion I have, is that there might be several instances of our identity app running, and that maybe causing the issue (although I don't know if that would cause an issue in the first place). I'd be happy to provide more code if needed.
(reposted from SO, as I got no answers there :harold: )
Thanks!
Our password reset endpoint throws errors, however, if I re-send the request a few times (the exact same request), it works again.
Here's a summary of our process: after the user verifies, I generate the password reset token like this:
var token = await _userManager.GeneratePasswordResetTokenAsync(user);Then I pass this token to the front end, which sends this token to the password reset endpoint, where this token is validated:
The
VerifyUserTokenAsyncThis issue only occurs in our production environment; our testing environments do not exhibit this problem. The issue seems isolated to the
PasswordResetTokenProviderSteps I've taken so far:
Verified that the token generated by
GeneratePasswordResetTokenAsyncEnsured the token is sent in the request body to prevent encoding/decoding mismatches.
Confirmed that the
SecurityStampAny idea what could be causing this? at this point I'm feeling lost and don't know where to look. One suspicion I have, is that there might be several instances of our identity app running, and that maybe causing the issue (although I don't know if that would cause an issue in the first place). I'd be happy to provide more code if needed.
(reposted from SO, as I got no answers there :harold: )
Thanks!
