The current implementation of getting the claims for the new token from the ClaimsPricipal of the expired token, creates duplicate audiences and thus fails after the first token refresh.

Recalculating the claims based on the userId from the ClaimsPrincipal resolves this issue.

Hi @akema-trebla,

Thanks for the pull request. Version 3.2.1 includes your fix and another fix from @emorell96, and it is released as a NuGet package now.

Hi @JonPSmith

That's great to know. Happy to help.