Authentication Problems

The SDK typically returns one of the following errors when creating the SDK client. The errors correspond to password (SDKv1), API key (SDKv2), mTLS and OIDC authentication respectively:

SDKv1:  
tsm authentication failed  
oidc access token unauthorized

SDKv2:  
unable to fetch protocol information: tsm authentication failed: unauthorized API key  
unable to fetch protocol information: tsm authentication failed: unauthorized certificate  
unable to fetch protocol information: tsm authentication failed: unauthorized OIDC access token

The server error log will contain one of the following entries:

level=info msg="token validation failed: invalid token"  
level=info msg="invalid API key"  
level=info msg="certificate is not valid"  
level=info msg="unable to validate access token: <cause>"

If the authentication mechanism is not enabled on the server, the following messages will be in the server log:

level=info msg="Received bearer token but token authentication is not enabled"  
level=info msg="Received API key but API key authentication is not enabled"  
level=info msg="Received client certificate but TLS authentication is not enabled"  
level=info msg="Received token but oidc access token authentication is not enabled"

Other errors may describe parse errors or lack of support for some of the tokens.
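
The two groups of server log entries above point to different fixes: a rejected credential is a client-side problem, while a "not enabled" message is a server configuration problem. The following added example (not part of the TSM product or its SDK) sorts log lines into those two groups. The category names, the mechanism labels and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Messages copied from the page. The mechanism labels on the "rejected"
# entries are an assumption taken from the order the page lists them in.
NOT_ENABLED = {
    "Received bearer token but token authentication is not enabled": "token",
    "Received API key but API key authentication is not enabled": "api-key",
    "Received client certificate but TLS authentication is not enabled": "mtls",
    "Received token but oidc access token authentication is not enabled": "oidc",
}
REJECTED = {
    "token validation failed: invalid token": "token",
    "invalid API key": "api-key",
    "certificate is not valid": "mtls",
}
OIDC_PREFIX = "unable to validate access token: "  # followed by <cause>

MSG_RE = re.compile(r'msg="((?:[^"\\]|\\.)*)"')

def classify(line):
    """Return (category, mechanism, cause) for an auth entry, else None."""
    m = MSG_RE.search(line)
    if not m:
        return None
    msg = m.group(1)
    if msg in NOT_ENABLED:   # server-side configuration problem
        return ("mechanism-disabled", NOT_ENABLED[msg], None)
    if msg in REJECTED:      # the presented credential was refused
        return ("credential-rejected", REJECTED[msg], None)
    if msg.startswith(OIDC_PREFIX):
        return ("credential-rejected", "oidc", msg[len(OIDC_PREFIX):])
    return None

def summarize(lines):
    """Count auth entries per (category, mechanism)."""
    hits = (classify(line) for line in lines)
    return Counter(hit[:2] for hit in hits if hit)

# Constructed sample input in the page's log format (not real server output).
SAMPLE = [
    'level=info msg="invalid API key"',
    'level=info msg="invalid API key"',
    'level=info msg="Received client certificate but TLS authentication is not enabled"',
    'level=info msg="unable to validate access token: constructed cause text"',
    'level=info msg="constructed unrelated entry"',
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```
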

Note on SDKv1 401 Errors

In SDKv1, username and password authentication occurs through time-limited tickets that expire. Upon expiry, a 401 error is logged, after which the SDK automatically requests a new ticket and retries the command. Therefore, when using SDKv1, it is necessary to determine whether a 401 error is the result of a specific command or simply due to ticket reissuing. In all other situations, a 401 error signifies that the authentication was not accepted.