Error: "Could not obtain user details from token" when implementing Zitadel OpenID Connect


Article ID: 413192


Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • OpenID Connect (OIDC) authentication with the Zitadel IdP stops working after the key refresh period.
  • When the login fails, the following error appears in /opt/vmware/vcloud-director/logs/vcloud-container-debug.log:

2025-07-21 14:29:20,815 | DEBUG | pool-jetty-45 | OAuthFilter | Could not obtain user details from token | requestId=########-####-####-####-############,request=GET https://<VCD>/login/oauth,requestTime=#############,remoteAddress=##.#.###.###:#####,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...,accept=text/html application/xhtml+xml application/xml;q 0.9 image/avif image/webp image/apng /;q 0.8 application/signed-exchange;...
com.vmware.vcloud.api.presentation.service.BadRequestException: Invalid OAuth key settings for org ########-####-####-####-############.

Environment

VMware Cloud Director 10.6.1.1

Cause

The VMware Cloud Director (VCD) key refresh interval is 1 hour, so the maximum duration during which login might not work is up to 1 hour. Specifically, this happens when the Zitadel key has been refreshed but the VCD side has not refreshed yet.
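
The stale-key window described above can be confirmed from a failing token and two JWKS documents: the key set the relying party currently holds and the one the IdP currently publishes at the `jwks_uri` in its discovery document. The following Python sketch is an added example, not code from VMware or Zitadel; the function names, result labels and sample key IDs are constructed for illustration.

```python
import base64
import json


def jwt_header(token: str) -> dict:
    """Decode the (unverified) JOSE header of a compact JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    seg = parts[0]
    padded = seg + "=" * (-len(seg) % 4)  # base64url omits padding
    return json.loads(base64.urlsafe_b64decode(padded))


def key_ids(jwks: dict) -> set:
    """Collect the kid of every signing key in a JWKS document."""
    return {k["kid"] for k in jwks.get("keys", [])
            if "kid" in k and k.get("use", "sig") == "sig"}


def diagnose(token: str, cached_jwks: dict, live_jwks: dict) -> str:
    """Classify whether the relying party can find the token's signing key."""
    kid = jwt_header(token).get("kid")
    if kid is None:
        return "no-kid"        # token cannot be matched to a key by ID
    if kid in key_ids(cached_jwks):
        return "ok"            # relying party already holds the key
    if kid in key_ids(live_jwks):
        return "stale-cache"   # IdP rotated; cache not refreshed yet
    return "unknown-key"       # key is not published by this IdP at all


# --- constructed sample data (not real keys or tokens) ---
def fake_token(header: dict) -> str:
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'example-user'})}.c2lnbmF0dXJl"


CACHED = {"keys": [{"kid": "key-old", "kty": "RSA", "use": "sig"}]}
LIVE = {"keys": [{"kid": "key-old", "kty": "RSA", "use": "sig"},
                 {"kid": "key-new", "kty": "RSA", "use": "sig"}]}
TOKEN_BEFORE_ROTATION = fake_token({"alg": "RS256", "kid": "key-old"})
TOKEN_AFTER_ROTATION = fake_token({"alg": "RS256", "kid": "key-new"})

if __name__ == "__main__":
    print(diagnose(TOKEN_BEFORE_ROTATION, CACHED, LIVE))
    print(diagnose(TOKEN_AFTER_ROTATION, CACHED, LIVE))
```

A `stale-cache` result matches the condition in this article; `unknown-key` points to a different problem, such as a token issued by another IdP instance.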

Resolution

Enable the Web Key management feature in Zitadel:

OpenID Connect and Oauth2 web keys | ZITADEL Docs