mindparse

Reputation: 7265

WSO2 - access token validation failed error message returned when making API calls

I have started facing an issue where I can no longer make API requests shortly after requesting a new access token from our WSO2 instance.

After getting the new token and making a subsequent API request, I get the following error:

code: 900901
description: Access failure for API: xxxx, version: v1 with key: <access_token_here>. Make sure your have given the correct access token
message: Invalid Credentials

In our API Manager system logs (carbon application), I can see the following:

Invalid OAuth Token : Invalid input. Access token validation failed

I understand what the error is, I just don't understand why it happens right after I have just requested a new token and try to use it for API requests.

I was able to make API requests fine up until recently. The only thing I can think of is that maybe my access to the APIs is being blocked for some reason.

I have been experimenting with dealing with token expiry cases when making an API request, handling the expiry (refreshing the token) and using the new access token retrieved to re-perform the original API request. I have had some situations with the code I have written to do this where it has misbehaved and ended up spamming the WSO2 gateway, so I'm wondering if this is down to some throttling threshold I have breached and so my API access has been restricted? The APIs I am subscribed to are with Unlimited Usage, so I can't see it being this.

I can request new tokens and make subsequent API requests using other accounts, so this makes me think it has to be something specific to my own login. Is there any way I can debug this further through viewing certain WSO2 logs?

FYI - We are using WSO2 API Manager version 1.9

Upvotes: 1

Views: 8962

Answers (2)

Bee

Reputation: 12513

There can be only 2 causes for this error.

  1. The token is invalid.
  2. The token is expired or revoked.

To debug the issue, check the validity_period of the token response. Also, you can check the token state in the IDN_OAUTH2_ACCESS_TOKEN table.

Upvotes: 3

gusto2

Reputation: 12087

How did you request a new access token? Did you use the API Store console? In that case the previous token is revoked (invalidated) and a new token is requested.

When using application specific tokens (client_credentials), it seems only a single token instance is assigned to the specific application (ClientKey) and that is returned until expired or revoked. I assume it will be similar with user tokens (password or code profiles).

There we leverage the "Production" and "Sandbox" keys of the configured application. I'd suggest you keep the "Production" keys to be used by your real application and you can "play" on the API Store console with sandbox tokens.

Upvotes: 0
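A client-side pattern that avoids the refresh storm the question describes, as an added example that is not code from the question, the answers or WSO2. The token endpoint and gateway are constructed fakes (`FakeApiManager`) that mimic the behaviour gusto2 describes, where issuing a new token revokes the previous one for the application; the client refreshes at most once per 900901 response and serialises refreshes under a lock, so concurrent requests reuse one new token instead of each requesting a token and revoking the others'.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

INVALID_CREDENTIALS = 900901  # WSO2 APIM error code quoted in the question

class FakeApiManager:
    # Constructed stand-in for the token endpoint plus gateway: issuing a
    # new token revokes the previously active one for the application.
    def __init__(self):
        self.active, self.issued = None, 0
        self._lock = threading.Lock()

    def issue_token(self):
        with self._lock:
            self.issued += 1
            self.active = f"tok-{self.issued}"
            return self.active

    def gateway_call(self, token):
        if token is not None and token == self.active:
            return {"status": 200}
        return {"status": 401, "code": INVALID_CREDENTIALS}

class ApiClient:
    # Refreshes at most once per failed call and serialises refreshes, so
    # concurrent callers share one new token instead of revoking each other's.
    def __init__(self, apim):
        self.apim, self.token = apim, None
        self._refresh_lock = threading.Lock()

    def _refresh(self, failed_token):
        with self._refresh_lock:
            if self.token == failed_token:  # nobody has replaced it yet
                self.token = self.apim.issue_token()
            return self.token

    def call(self):
        token = self.token  # None on first use: the 401 below fetches one
        resp = self.apim.gateway_call(token)
        if resp.get("code") != INVALID_CREDENTIALS:
            return resp
        return self.apim.gateway_call(self._refresh(token))  # one retry, no loop

def concurrent_calls(client, n):
    # Run n client calls in parallel and return their HTTP statuses.
    with ThreadPoolExecutor(max_workers=n) as pool:
        futures = [pool.submit(client.call) for _ in range(n)]
        return [f.result()["status"] for f in futures]
```

If the retry itself still returns 900901, the token was revoked by something outside this client (for example a token requested in the Store console), which is the case to look for in the carbon logs rather than retrying again.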
