OAuth2ClientCredentials access token not working in a load balanced setup

[mastrup]

We run Umbraco in a load balanced setup in Azure.
This is the Authorized Services configuration that we are using:

"CdpApi": {
  "DisplayName": "Personalized Recommendations API",
  "AuthenticationMethod": "OAuth2ClientCredentials",
  "ClientCredentialsProvision": "AuthHeader",
  "ApiHost": "https://e2e.api.com/recommendation",
  "TokenHost": "https://e2e.api.com",
  "AuthorizationUrlRequiresRedirectUrl": false,
  "RequestTokenPath": "/oauth2/token",
  "RequestTokenMethod": "POST",
  "RequestTokenFormat": "FormUrlEncoded",
  "ClientId": "<ClientId>",
  "ClientSecret": "<ClientSecret>",
  "AccessTokenResponseKey": "access_token",
  "ExpiresInResponseKey": "expires_in",
  "JsonSerializer": "JsonNet"
}

When clicking the "Authorize Service"-button on our SchedulingPublisher the service authorizes just fine and I can see an access token being stored in the database.

If I then sign into one of our subscriber instances, I see that the service is not authorized. I can click the authorize button and the service will start working on that instance, but then my SchedulingPublisher will loose its authorization.

This is happening on Umbraco 13.7.2 running Umbraco.AuthorizedServices 10.1.1.

[acoumb]

Hi @mastrup ,

Could you give me more details on the API you are trying to authorize against? An access token present in the database should enable the testing on your service.

Have you checked the logs for any details?

Is there any option for me to have a testing environment so I can check as well?

Thanks,
Adrian

[mastrup]

Hi @acoumb,

It's a private API served through Apigee.
Once I click Authorize in our publisher instance I see an access token being created in the database.
When I do this, our integration stops working on our subscriber instances. If I subsequently log in to the back office on our subscriber, the API is no longer authorized.

When I click Authorize on our subscriber, I see the access token in the database is updated. When I check the Publisher instance after doing this, it now reports that it is not authorized.

I am not able to share an environment, but I should be able to provide you with some information that you can test the API with - I can share that via email if needed.

[acoumb]

That would be great, could you send it to aco@umbraco.com?