Unauthorized 401 - token expired?

Hi Sebastian,

could you please help understanding an issue with an oauth token?
I valid token (that was issued 27 days ago) stopped working today and we can’t understand what caused it.

I have…

  • [ x ] Checked the logs and have provided the logs if I found something suspicious there

I’m submitting a…

  • [x ] Regression (a behavior that stopped working in a new release)
  • [x ] Bug report

Current behavior

Schema: https://cloud.squidex.io/app/matmatch-cms
Client-id: matmatch-cms:prod
Several tokens were issued on October-12 (that is 27 days ago):
our timestamp for one of the tokens is: 2019-10-12 03:07:23.451

However, today we started getting - Unauthorized 401 errors for each request.

Expected behavior

In order to avoid this error in the next 27 days - understand where the issue is.


  • [x] Cloud version


  • any browser

Could you please assist?

Best regards,


tokens are only valid 30 days as stated here:

In general I would not make any assumptions about the token lifetime and just try to build a retry feature. You can acquire tokens as often as you want.

Here is how I handle it in .NET library:

I acquire a token, put in the cache for 30 days. When I get a 401 I remove it from the cache again so that the next call will start with a fresh token. You can also have one token per machine if you have a load balancer.