JWTService.parseIdToken: Failed to get claims set error in VIP AuthHub
search cancel

JWTService.parseIdToken: Failed to get claims set error in VIP AuthHub

book

Article ID: 382783

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction

Below Warning is observed in the AuthHub logs, what steps should be taken to address this?

api: /oauth2/v1/revoke
   clientIp: 10.x.x.x
   clientTxnId: 019a6e32-8d45-***
   host: <AuthHub Host>
   httpMethod: POST
   issuerUrl: https://<AuthHub Host>/common
   level: warn
   method: POST
   msg: JWTService.parseIdToken: Failed to get claims set. Exception: Cannot get claims - Invalid Claim. IdToken: <ID Token>
   relVersion: 1.0
   service: azserver
   thread: https-jsse-nio-8085-exec-4
   throwable: java.lang.IllegalStateException: Cannot get claims - Invalid Claim
    at com.broadcom.jwt.nimbus.NimbusJwtTokenParser.getClaimsSet(NimbusJwtTokenParser.java:538)

 

Environment

VIP Authentication Hub 3.3

Resolution

This is a redundant message stemming from SSP attempting to determine the type of token being revoked via /oauth2/v1/revoke(token). The code is attempting to determine if the token is a JWT (IT or AT) before trying with RT which is what this token represents.

Whatever is invoking a refresh token using this API, should be passing in token_type_hint as below, and this message will go away.

Powered by Wolken Software