Troubleshooting OAuth errors
OAuth is used to manage the list of client applications that are allowed to prompt users for access to their HCL Connections™ data.
Overview
The OAuth support feature consists of four parts:
- The WebSphere® Application Server OAuth Application that exposes authorization and token endpoints, and a feed of authorizations.
- The WebSphere Application Server OAuth TAI that intercepts requests to OAuth-protected API endpoints and sets the user principal in the request, handling error response codes.
- The Connections OAuth Provider support module that exposes an Application Access page, Access Request screens, and a ProviderInitializer context listener that is used by all Connections applications.
- The Connections OAuth Consumer Proxy that resides in the WidgetContainer application, which is responsible of the OpenSocial gadget container.
Troubleshooting guidelines
Add the strings from table 1 to log level details. Then, restart Connections and inspect trace logs. The OAuth components are verbose and write a sizable quantity of diagnostic messages to the trace log.
| Component | Trace strings |
|---|---|
| WebSphere Application Server OAuth TAI and endpoint servlets | com.ibm.ws.security.oauth20.*=all |
| Connections OAuth Provider initializer, platform, DAO, and MBeans | com.ibm.lconn.oauth.*=all |
| CRE OAuth Consumer Proxy | org.apache.shindig.gadgets.oauth2.*=all com.ibm.mm.proxy.*=all (MuM proxy) |
| Connections CRE integration layer | com.ibm.lconn.core.services.cre.*=all com.ibm.lconn.news.shindig.oauth.service.*=all com.ibm.lconn.news.service.impl.oauth.*=all |
Troubleshooting
| Type | Error | URL | Reason | Solution |
|---|---|---|---|---|
| Response in the user interface | Error 404: javax.servlet.ServletException: Filter [OAuth20ClientAuthnFilter]: filter is unavailable. |
http://server:port/oauth2/endpoint/connectionsProvider/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=code&scope=Connections&state=<state> | The authorization screen URL is invalid. This happens if the {oauthSvcUrl} placeholder in the authorization URL parameter was not replaced successfully. | Make sure the ProviderInitializer context listener completes initialization successfully. Check errors in the logs to find an appropriate solution for each case. |
Parent topic:Troubleshooting tips