Authentication Problems
The SDK will return one of the following errors (Password (SDKv1), API Key (SDKv2), mTLS, OIDC respectively) typically when creating the SDK client:
SDKv1:
tsm authentication failed
oidc access token unauthorized
SDKv2:
unable to fetch protocol information: tsm authentication failed: unauthorized API key
unable to fetch protocol information: tsm authentication failed: unauthorized certificate
unable to fetch protocol information: tsm authentication failed: unauthorized OIDC access token
The server error log will contain one of the following entries:
level=info msg="token validation failed: invalid token"
level=info msg="invalid API key"
level=info msg="certificate is not valid"
level=info msg="unable to validate access token: <cause>"
If the authentication mechanism is not enabled on the server the following messages will be in the server log:
level=info msg="Received bearer token but token authentication is not enabled"
level=info msg="Received API key but API key authentication is not enabled"
level=info msg="Received client certificate but TLS authentication is not enabled"
level=info msg="Received token but oidc access token authentication is not enabled"
Other errors may describe parse errors or lack of support for some of the tokens.
Note on SDKv1 401 Errors
In SDKv1 the username and password authentication occur through time-limited tickets that expire. Upon expiry, a 401
error is logged, after which the SDK automatically requests a new ticket and retries the command. Therefore, when using SDKv1, it is necessary to determine whether the 401 error is a result of a specific command or simply due to ticket reissuing, in all other situations, a 401
error signifies that the authentication was not accepted.
Updated 9 days ago