We should be able to download the contents from Marketplace successfully to utilize the applications.

• We receive an error while we try to download content from vmware marketplace. [ 07xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxf6  ] 400 Bad Request: "{"id_token":"","token_type":"","expires_in":0,"scope":"","access_token":"","refresh_token":""}"

Token ID value is being returned as null.

• You will see below stack trace from HAR files:

{

  "minorErrorCode": "INTERNAL_SERVER_ERROR",

  "message": "[ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx ] 400 Bad Request: \"{\"id_token\":\"\",\"token_type\":\"\",\"expires_in\":0,\"scope\":\"\",\"access_token\":\"\",\"refresh_token\":\"\"}\"",

  "stackTrace": "org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: \"{\"id_token\":\"\",\"token_type\":\"\",\"expires_in\":0,\"scope\":\"\",\"access_token\":\"\",\"refresh_token\":\"\"}\"\n\tat org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:101)\n\tat org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:168)\n\tat org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:122)\n\tat 
 

Below logs are observed in /opt/vmware/vcloud-director/log/vcloud-conatiner-debug.log and /opt/vmware/vcloud-director/log/vcloud-container-info.log:

2023-11-06 13:50:14,102 | ERROR | pool-jetty-68 | DefaultExceptionMapper | Internal server exception | requestId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx,request=GET https://vcd_fqdn/cloudapi/1.0.0/catalogContentSources/urn:vcloud:catalogContentSource:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx...,requestTime=1699249813204,remoteAddress=x.x.x.x:10138,userAgent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/5...,accept=application/json;version 39.0.0-alpha;multisite global
org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: "{"id_token":"","token_type":"","expires_in":0,"scope":"","access_token":"","refresh_token":""}"
at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:101)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:168)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:122)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:825)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:783)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:717)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:608)
at com.vmware.vcloud.backend.contenthub.RestClientBase.exchange(RestClientBase.java:163)

at com.vmware.vcloud.backend.contenthub.RestClientBase.exchange(RestClientBase.java:157)
at com.vmware.vcloud.backend.contenthub.marketplace.client.impl.MarketplaceClientImpl.login(MarketplaceClientImpl.java:114)
 ...
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)

        at java.base/java.lang.Thread.run(Thread.java:829)

In CSP, for the customer's account, if MFA is enabled then this issue occurs.

POST https://gtw.marketplace.cloud.vmware.com/api/v1/user/login

Request Body:
{
"refreshToken":"<token>"
}

• VCD and Marketplace doesn't support MFA enabled API token.
• Check if the token which is being used is valid or not by using the below API call.

POST https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize
Request Body:
Select x-www-form-urlencoded - In Body Section in postman

Add key as api_token and Value as Api token.
If the MFA is enabled for the customer's account in CSP, the response for this token will be invalid.
Example:
---
{
"errorCode": null,
"message": "'passcode' is mandatory when User MFA device is enabled",
"statusCode": 400,
"requestId": "123xxxxxxxxx",
"metadata": null,
"moduleCode": 540,
"traceId": "7xxx534xxxxxxxxxxx0c",
"cspErrorCode": "540.2403"
}
---

• Customer can check the same from CSP UI.

Navigate to:
CSP UI: Account -> API token
Under that, we will be able to see token and MFA options.

If the token is invalid and MFA is enabled, please proceed to disable the MFA for the customer's account and try the same operation again and it should be able to list the applications successfully.