Symptom
In SAP Commerce 2211 for JDK 21 (local environment), after a server restart all previously issued OAuth2 access tokens stop working. Clients receive HTTP 401 Unauthorized responses when calling protected APIs with tokens that were valid before the restart. The issue occurs consistently on every pod restart and affects all token types issued via the Authorization Code, Client Credentials and Refresh Token flows.
Error response observed on the Resource Server side:
{"error_code":"invalid_token","error_description":"An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found"}
No token revocation events are logged. The tokens have not expired based on their configured TTL.
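Added example (Go, standard library only; not SAP's code): a minimal model of the failure mode described above, in which an in-memory signing-key source regenerates its RSA key pair at process start, so a token signed before the restart fails the Resource Server's kid lookup or signature check with the same "no matching key(s) found" class of error. The names NewEphemeralKey, Sign and Verify are constructed for this illustration, and that SAP's DefaultJwkSource behaves like this is an assumption drawn from the keywords, not something the page states.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding
// NewEphemeralKey models a signing-key source that creates a fresh RSA key pair
// on every process start (constructed stand-in, not SAP's DefaultJwkSource).
func NewEphemeralKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}
// Sign issues a compact RS256 JWS whose header names the signing key by kid.
func Sign(priv *rsa.PrivateKey, kid string, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig)
}
// Verify is the Resource Server check: look the header kid up in the published JWK
// set, then validate the signature; a pre-restart token fails one of the two.
func Verify(token string, jwks map[string]*rsa.PublicKey) error {
	hdrPart, rest, _ := strings.Cut(token, ".")
	bodyPart, sigPart, _ := strings.Cut(rest, ".")
	rawHdr, err1 := b64.DecodeString(hdrPart)
	sig, err2 := b64.DecodeString(sigPart)
	var hdr struct{ Alg, Kid string }
	if err1 != nil || err2 != nil || json.Unmarshal(rawHdr, &hdr) != nil {
		return errors.New("malformed JWS")
	}
	pub, ok := jwks[hdr.Kid]
	if !ok || hdr.Alg != "RS256" {
		return errors.New("another algorithm expected, or no matching key(s) found")
	}
	digest := sha256.Sum256([]byte(hdrPart + "." + bodyPart))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}
```

Running Verify with the key set published before the restart succeeds; running it with the regenerated key set fails whether the kid was reused (signature mismatch) or changed (no matching key), which is why persisting or sharing the signing key across restarts is the property to check for.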
Environment
- SAP Commerce 2211 for JDK21
Product
Keywords
OAuth2, access token, invalid token, 401 Unauthorized, pod restart, server restart, JWT signature, DefaultJwkSource, token validation, Authorization Server, key rotation, KBA, CEC-SCC-PLA-PL, Platform, Problem
About this page
This is a preview of an SAP Knowledge Base Article; the full version is available on SAP for Me (login required).