I’ve been running Tyk in development for quite some time (18 months), I haven’t seen this issue before. I see that there have been some reports about it on the forums from the last few years), but I think this is a new development due to an update in Tyk.
We have JWT files that expire in 24 hours. After 24 hours, we log in again to get a new JWT, but the error persists (Key has expired, please renew). My suspicion that this is a new problem is evidenced by the fact that I have a separate server that hasn’t been refreshed with the new Tyk container, and it does not exhibit this problem. I also suspect that this problem is only a week old - perhaps I missed an announcement, or I have an old config or something, but with no changes on our end, I suspect that this is related to a software update.
I’ve been looking around Redis to see what I can learn, and I can resolve this issue if I remove the keys that start with apikey-* (apikey-91496527 for example). Looking at the values, the expiration of these key appears to be correct, but they are not updating when the user logs in again after the 24 hours have expired. Once I remove the user’s record from Redis, the user gets access again - the same key is recreated and the expiration is updated in the value object.
To reiterate, here’s the sequence of events:
- User logs in - Redis record is created -> User can access API’s
- Wait 24 hours -> User can’t access API’s
- User Logs in again, gets new JWT with new expiration - > User can’t access API’s
- Delete the apikey-* from Redis -> User can access API’s (new record with same key is created).
Basically, Redis isn’t updating when a user logs in if the key already exists for that user.
Happy to provide more information, just let me know what you need.