Summary
NAM IDP server returns "invalid_grant" on access to the OAuth Userinfo endpoint with error: { "error": "invalid_grant", "error_description": "Invalid token or the token has been revoked." }
Products
Access Manager (NAM)
Environment
Access Manager Version 5.0.3
Situation
The OAuth Client application fails to retrieve user information from the OAuth Userinfo endpoint at /nidp/oauth/nam/userinfo.
The NAM IDP server returns the error:
{ "error": "invalid_grant", "error_description": "Invalid token or the token has been revoked." }
Cause
The OAuth Client (authorization code flow) performs the following requests:
Authorization Code request against IDP Server Node 1
Access Token request against IDP Server Node 1
Userinfo endpoint request against IDP Server Node 2
Because the LDAP user store servers also sit behind a load balancer, the token revocation check that Node 2 performs (a read of the configured grant attribute on the user object) is served by a different LDAP replica, one that has not yet received the access and refresh token information written for that user during the Access Token request. The token is therefore treated as unknown or revoked, and the Userinfo endpoint returns invalid_grant even though the token is valid on the replica that Node 1 wrote to.
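As an added illustration (not part of the original article and not Access Manager code), the following Python model reproduces the timing described in the Cause section: two IDP nodes, each reading from a different LDAP replica of the same user store, with a simulated replication delay between the replicas. The grant attribute name, the token format, and the fixed node-to-replica mapping are simplifying assumptions; in a real deployment the LDAP load balancer picks the replica per connection, which is exactly what makes the failure intermittent.

```python
"""Offline model of the cross-node OAuth code flow and its revocation check.

Constructed example: no network calls, no real NAM or LDAP involved.
"""

GRANT_ATTR = "oauthGrant"          # assumed name for the configured grant attribute
USER_DN = "cn=alice,o=example"     # constructed user object


class LdapRing:
    """Two (or more) LDAP replicas with a fixed replication lag in seconds."""

    def __init__(self, names, lag):
        self.replicas = {n: {} for n in names}   # replica -> {dn -> {attr -> value}}
        self.lag = lag
        self.pending = []                        # (visible_at, replica, dn, attr, value)
        self.clock = 0.0

    def advance(self, seconds):
        """Move the simulated clock and apply replication that has become due."""
        self.clock += seconds
        still_pending = []
        for item in self.pending:
            visible_at, name, dn, attr, value = item
            if visible_at <= self.clock:
                self.replicas[name].setdefault(dn, {})[attr] = value
            else:
                still_pending.append(item)
        self.pending = still_pending

    def write(self, replica, dn, attr, value):
        # The replica that receives the write sees it immediately;
        # every other replica sees it only after the replication lag.
        self.replicas[replica].setdefault(dn, {})[attr] = value
        for other in self.replicas:
            if other != replica:
                self.pending.append((self.clock + self.lag, other, dn, attr, value))

    def read(self, replica, dn, attr):
        return self.replicas[replica].get(dn, {}).get(attr)


class IdpNode:
    """One IDP cluster node; its LDAP reads/writes land on one replica."""

    def __init__(self, name, ring, replica):
        self.name, self.ring, self.replica = name, ring, replica

    def token_request(self, user_dn, code):
        # Steps 1-2 of the flow: issue the access token and persist the grant
        # information on the user object (simplified to storing the token id).
        token = f"at-{self.name}-{code}"
        self.ring.write(self.replica, user_dn, GRANT_ATTR, token)
        return token

    def userinfo(self, user_dn, token):
        # Step 3: revocation check = read the grant attribute and compare.
        stored = self.ring.read(self.replica, user_dn, GRANT_ATTR)
        if stored != token:
            return 401, {"error": "invalid_grant",
                         "error_description": "Invalid token or the token has been revoked."}
        return 200, {"sub": user_dn}


def run_scenario(lag, userinfo_node, delay_before_userinfo):
    """Return (status, body) of the Userinfo call for one timing scenario."""
    ring = LdapRing(["ldap1", "ldap2"], lag)
    node1 = IdpNode("idp1", ring, "ldap1")
    node2 = IdpNode("idp2", ring, "ldap2")
    token = node1.token_request(USER_DN, "code123")   # authz + token on Node 1
    ring.advance(delay_before_userinfo)               # client latency before step 3
    node = node1 if userinfo_node == 1 else node2
    return node.userinfo(USER_DN, token)


if __name__ == "__main__":
    # Userinfo hits Node 2 before replication has caught up -> invalid_grant
    print(run_scenario(lag=2.0, userinfo_node=2, delay_before_userinfo=0.1))
    # Same request kept on Node 1 (session affinity) -> 200
    print(run_scenario(lag=2.0, userinfo_node=1, delay_before_userinfo=0.1))
    # Node 2 again, but after the replication lag has elapsed -> 200
    print(run_scenario(lag=2.0, userinfo_node=2, delay_before_userinfo=2.5))
```

The three scenarios show why the symptom depends on timing rather than on the token itself: the same token is accepted on Node 1 immediately, rejected on Node 2 while the replica lags, and accepted on Node 2 once the grant attribute has replicated.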