OIDC issue - No token present. Request is not authorized.

Follow
    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Hybrid
  • On Premises
  • Version Affected:  [All]

    Description:  

    If there are issues with signing into an OIDC realm on the IdP server (for instance, looping behavior), you may see the error of "No token present. Request is not authorized." on the application side's logs during troubleshooting. This may be coupled with "Token validation failed" and an unauthorized error (401) as well.

     

    Cause:  

    There is a clock skew occurring on the server where the application resides.

     

    Resolution:  

    After having reviewed the IdP realm logs to affirm the access token and corresponding token(s) are being created, check the tokens in jwt.io with the customer to confirm they are valid. If we are sending the tokens, then the application side's logs will need to be reviewed.


    If the time on the IdP server and the server where the application resides do match, you will still need to check the times listed in the application's logs of when the token was sent and received (they should be in seconds and you may need to convert them). It is possible that there is a skew occurring here where the token is being rejected due to the time on the application server being ahead of the IdP server, so the token is then deemed as invalid.

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.