Troubleshooting

Use this page to diagnose common TokenIDP setup, authentication, token validation, browser, and infrastructure issues.

Authorization and Login Failures

If an integration fails early in the authorization flow, verify the configured Issuer, redirect URI, client identifier, and client type settings before debugging token behavior. Public clients such as SPAs and mobile applications should also be validated for PKCE support and redirect URI restrictions.

Token Validation Issues

If downstream APIs reject access tokens, compare the API audience configuration to the aud claim issued by TokenIDP. Also verify issuer validation settings, token expiration handling, signing key synchronization, and JWKS discovery configuration.

Redirect URI Mismatches

OAuth redirect URI validation is intentionally strict. Ensure the registered redirect URI exactly matches the value sent by the client application, including protocol, port, path, and trailing slash behavior.

Browser and CORS Errors

If browser applications fail before reaching the backend APIs, review the configured allowed origins and preflight request handling. Ensure frontend and API origins are configured consistently and avoid wildcard origin policies in authenticated production environments.

Session and Login Loop Problems

Repeated redirects back to the login page are commonly caused by cookie configuration issues, proxy forwarding problems, HTTPS inconsistencies, or expired authentication sessions. Verify forwarded header handling and cookie policies when running behind reverse proxies or load balancers.

Token Signature Validation Failures

If JWT signature validation fails, confirm that downstream APIs trust the correct issuer and can access the current signing keys through JWKS discovery. Ensure signing keys or certificates have been rotated correctly and avoid reusing development signing material in production environments.

Database Startup and Migration Errors

If the platform fails during startup or migration execution, verify database connectivity, permissions, schema compatibility, and migration ordering. For first-run deployments, ensure the configured database account can create or update the required schema objects.