Hi Team,
When using “Secure Endpoint with OAuth 2.0” for backend invocation, API calls fail with HTTP 403 errors. This issue occurs after the Identity Provider (IdP) is restarted. During the restart, all previously issued tokens are marked as invalid at the IdP level.
However, the API Manager continues to use the cached token until the original expires_in time elapses. Because the token cache cannot be disabled and the system does not attempt to regenerate a new token when the cached token becomes invalid, backend calls continue to fail with 403 errors until the token naturally expires.
Impact
- API calls fail for the full duration of the access token lifetime following an IdP restart.
- There is no configuration to disable or bypass the token cache.
- The gateway does not attempt token regeneration on invalid token responses.
Best Regards,
Ruvindi
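
The failure described in this report, and one way a gateway-side cache could recover from it, as an added illustration that is not part of the original message or of the product's code. `FakeIdP`, `Backend`, `TokenCache` and `invoke` are hypothetical names, and the IdP and backend are constructed in-memory stand-ins.

```python
import time

class FakeIdP:
    """Constructed stand-in for an OAuth 2.0 token endpoint."""
    def __init__(self, lifetime=3600):
        self.lifetime, self.valid, self.issued = lifetime, set(), 0

    def issue(self):
        self.issued += 1
        token = f"tok-{self.issued}"
        self.valid.add(token)
        return {"access_token": token, "expires_in": self.lifetime}

    def restart(self):
        self.valid.clear()  # every previously issued token becomes invalid

class Backend:
    """Constructed backend: 403 for any token the IdP no longer accepts."""
    def __init__(self, idp):
        self.idp = idp

    def call(self, token):
        return 200 if token in self.idp.valid else 403

class TokenCache:
    """Caches one token until expires_in elapses or it is invalidated."""
    def __init__(self, idp, clock=time.monotonic):
        self.idp, self.clock = idp, clock
        self.token, self.expires_at = None, 0.0

    def get(self):
        if self.token is None or self.clock() >= self.expires_at:
            resp = self.idp.issue()
            self.token = resp["access_token"]
            self.expires_at = self.clock() + resp["expires_in"]
        return self.token

    def invalidate(self, rejected):
        # Drop the entry only if it is still the token that was rejected,
        # so a concurrent refresh is not thrown away.
        if self.token == rejected:
            self.token = None

def invoke(backend, cache, refresh_on_reject):
    token = cache.get()
    status = backend.call(token)
    if status in (401, 403) and refresh_on_reject:
        cache.invalidate(token)
        status = backend.call(cache.get())  # single retry, never a loop
    return status
```

Because a 403 can also be a genuine authorization denial, the retry is limited to one attempt per call, so a legitimate refusal costs one extra token request rather than a refresh storm against the IdP.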