https://xsts-keys.auth.xboxlive.com/psskeys is returning expired signing keys
Jingchen Wu
0
Reputation points
Hello!
We've noticed that https://xsts-keys.auth.xboxlive.com/psskeys sometimes returns expired keys and we're currently unable to verify some tokens because they're signed by some other keys we're unable to retrieve.
e.g. I've just sent a request to this API and the first key I've got is:
{
"nbf": 1731802803,
"exp": 1731946803,
"tie": 1731889203,
"iat": 1731795606,
"n": "...",
"e": "AQAB",
"alg": "PS256",
"kid": "031beff8-e3da-435b-b522-d772b3592666",
"kty": "RSA",
"use": "sig"
},
the exp field says that the key expires at Mon Nov 18 2024 16:20:03 GMT+0000 and I sent the request at 16:40 18th November GMT.
This API worked perfectly until Wednesday last week, and we started seeing this issue since then.
Sign in to answer