asgardeo / asgardeo-auth-react-sdk

To maintain the implementation of Asgardeo React authentication SDK
Apache License 2.0

Uncaught (in promise) Hl: Requesting access token failed at http://localhost:3000/static/js/vendors~main.chunk.js #68

Closed Lapaenergy closed 1 year ago

Lapaenergy commented 3 years ago

Describe the issue:

```jsx
import { AuthProvider } from "@asgardeo/auth-react";

const redirectUrl = 'http://localhost:3000';

// CLIENT_ID, CLIENT_SECRET and SERVER_URL are defined elsewhere in the app.
const config = {
    signInRedirectURL: redirectUrl,
    signOutRedirectURL: redirectUrl,
    clientID: CLIENT_ID,
    clientSecret: CLIENT_SECRET,
    serverOrigin: SERVER_URL,
    scope: ['openid'],
    prompt: 'login',
};

<AuthProvider config={config} fallback={<div>Initializing...</div>}>
    {children}
</AuthProvider>
```

```jsx
import { useAuthContext } from "@asgardeo/auth-react";

// Inside a component rendered under AuthProvider.
const { signIn, state } = useAuthContext();

const authentication = async () => {
    try {
        await signIn({ disableTrySignInSilently: true });
        console.log('signed in');
    } catch (e) {
        console.log('error', e);
    }
};
```

The token request was fired successfully (I can see it in the Network tab in Chrome), but the "signIn" line froze and console.log was never called. We also got the following error in the console:

main.js:30 Uncaught (in promise) Hl: Requesting access token failed at http://localhost:3000/static/js/vendors~main.chunk.js:4801:37

Expected behavior: I need to get the token and a trigger when login was successful

brionmario commented 3 years ago

This looks like an id_token validation failure.

To narrow down the issue, could you pass the following additional config to the AuthProvider and try the login again.

```js
const config = {
    // ... (rest of the existing config)
    validateIDToken: false
};
```

Lapaenergy commented 3 years ago

If I add this property - it starts to work, thanks)

Also I need to ask you, how can I disable auto silent login?

Expected - signIn is called with a redirect to the wso2 login page every time I click on the sign-in button.

Actual - now I click on sign-in a second time and receive the result immediately, without redirection.

brionmario commented 3 years ago

> If I add this property - it starts to work, thanks)

Turning validateIDToken to false is actually not a solution. ID token validation can fail due to several reasons. Could you please verify the following?

  1. Any network requests are failing (jwks etc.)
  2. Your PC's time is in sync. Because the nbf claim is validated with the id_token validation and if the time difference between the server and the local machine is more than the default tolerance, then the validation will fail (Check clockTolerance config in https://github.com/asgardeo/asgardeo-auth-react-sdk#authreactconfig)
  3. Decode the id_token using https://jwt.io/ and see if you can spot any issues that could cause a validation failure 🙂

> Also I need to ask you, how can I disable auto silent login?

The actual expectation of the silent login is to get the check and login without prompting the login page for credentials.

Are you getting the login page continuously?

You can turn off the silent login using the disableTrySignInSilently.

Lapaenergy commented 3 years ago

> 1. Any network requests are failing (jwks etc.)
> 2. Your PC's time is in sync. Because the nbf claim is validated with the id_token validation and if the time difference between the server and the local machine is more than the default tolerance, then the validation will fail (Check clockTolerance config in https://github.com/asgardeo/asgardeo-auth-react-sdk#authreactconfig)

Lapaenergy commented 3 years ago

> Are you getting the login page continuously?

thivi commented 3 years ago

> 1. Any network requests are failing (jwks etc.)
>
> • I avoid the CORS issue by using a Chrome extension. Requests are successful
>
> 2. Your PC's time is in sync. Because the nbf claim is validated with the id_token validation and if the time difference between the server and the local machine is more than the default tolerance, then the validation will fail (Check clockTolerance config in https://github.com/asgardeo/asgardeo-auth-react-sdk#authreactconfig)
>
> • I tried to change (increase) the tolerance value to a large one and nothing happened.
>
> 3. Decode the id_token using https://jwt.io/ and see if you can spot any issues that could cause a validation failure 🙂
>
> • Looks like all things are okay
>
> ```
> {
>   "at_hash": "Eh6SpSXp18ZT6zpZ-YSABQ",
>   "sub": "alex3@mail.ru",
>   "amr": [ "BasicAuthenticator" ],
>   "iss": "https://dev.site.io:9448/oauth2/token",
>   "given_name": "Alla",
>   "aud": "5iwHg927WOHLT5XifJNe4gsk0JQa",
>   "c_hash": "0uTVqCfbIzPyiZ1muYXZqQ",
>   "nbf": 1637160614,
>   "azp": "5iwHg927WOHLT5XifJNe4gsk0JQa",
>   "exp": 1637161214,    (exp at 17:00, I've fired request at 16:52)
>   "iat": 1637160614,
>   "family_name": "Marlon",
>   "email": "alex3@mail.ru"
> }
> ```

Can you confirm if your iss attribute in the id token is the same as the beginning portion of your .well-known endpoint?
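
The claim checks raised in this thread (the `iss` claim against the server's issuer, `nbf`/`exp` against the local clock with a tolerance, `aud` against the client ID) can be run by hand to see which one fails instead of switching `validateIDToken` off. The sketch below is an added example, not part of the thread or of the Asgardeo SDK; `decodePayload`, `diagnoseClaims`, the 60-second default tolerance and the `https://localhost:9443/oauth2/token` issuer are assumptions made for illustration, while the claim values are the ones quoted above.

```javascript
// Added diagnostic sketch, not SDK code. It decodes the ID token payload WITHOUT
// verifying the signature: use it to debug, never to make an auth decision.
function decodePayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('expected a 3-part compact JWT');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Lists the claim checks that would fail. `issuer` is the "issuer" value from
// the server's discovery document; times are in seconds since the epoch.
function diagnoseClaims(claims, opts) {
  const { issuer, clientID, clockTolerance = 60 } = opts; // 60 s is an assumption
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  const problems = [];
  if (claims.iss !== issuer) {
    problems.push(`iss mismatch: token "${claims.iss}" vs expected "${issuer}"`);
  }
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientID)) problems.push('aud does not contain the clientID');
  if (typeof claims.nbf === 'number' && now + clockTolerance < claims.nbf) {
    problems.push(`nbf is ${Math.round(claims.nbf - now)}s in the future`);
  }
  if (typeof claims.exp !== 'number' || now - clockTolerance >= claims.exp) {
    problems.push('exp is missing or already passed');
  }
  return problems;
}

// Constructed sample: a token with a placeholder signature carrying the
// iss/aud/nbf/iat/exp values quoted in the thread.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleClaims = {
  iss: 'https://dev.site.io:9448/oauth2/token',
  aud: '5iwHg927WOHLT5XifJNe4gsk0JQa',
  nbf: 1637160614, iat: 1637160614, exp: 1637161214,
};
const sampleToken = `${b64url({ alg: 'RS256' })}.${b64url(sampleClaims)}.sig`;

const claims = decodePayload(sampleToken);
const base = { clientID: sampleClaims.aud, now: 1637160720 };
// Issuer matches and the clock is inside the validity window: no findings.
console.log(diagnoseClaims(claims, { ...base, issuer: sampleClaims.iss }));
// Constructed mismatch: the client expects a different issuer string.
console.log(diagnoseClaims(claims, { ...base, issuer: 'https://localhost:9443/oauth2/token' }));
// Local clock ten minutes behind the server: nbf lies beyond the tolerance.
console.log(diagnoseClaims(claims, { ...base, issuer: sampleClaims.iss, now: 1637160614 - 600 }));
```
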

arantespp commented 3 years ago

I'm facing the same issue on mobile. Could you help me debug the error? Here is more detail about the error https://github.com/asgardeo/asgardeo-react-native-oidc-sdk/issues/17

Lapaenergy commented 3 years ago
> Can you confirm if your iss attribute in the id token is the same as the beginning portion of your .well-known endpoint?

Could you extend your answer? I'm not sure what iss is.

thivi commented 2 years ago

Can you try the instructions here? https://medium.com/identity-beyond-borders/fix-invalid-id-token-issue-in-wso2-identity-server-5-11-0-6bd9f7dc5db6

pavinduLakshan commented 1 year ago

Closing since this issue is stale and seems not to be reproducible. Please feel free to reopen if you continue to face this error.