We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

Invalid JWT Signature on OAuth OIDC Provider

EduAr
Tera Contributor

‎12-12-2023 12:11 PM

Hey there,

I'm attempting to retrieve data from my ServiceNow instance using a token generated by a custom identity provider. I've configured an OAuth OIDC Provider in my application, but I'm encountering this error when I make a request:

OIDC token verification failed: com.snc.platform.security.oauth.OAuthRequestProblemException: Invalid JWT Signature: com.snc.platform.security.oauth.jwt.AbstractJWTVerifier.verify(AbstractJWTVerifier.java:321)
com.snc.platform.security.oauth.oidc.OIDCJWTVerifier.verify(OIDCJWTVerifier.java:94)
com.snc.platform.security.oauth.oidc.OIDCProvider.verifyJWTToken(OIDCProvider.java:263)
com.snc.platform.security.oauth.OpenIDConnectIDTokenUserLoader.load(OpenIDConnectIDTokenUserLoader.java:48)
com.snc.platform.security.oauth.OAuthTokenHandler.load(OAuthTokenHandler.java:60)
com.glide.sys.User.loadByOAuthOauthToken(User.java:679)
com.glide.sys.User.authenticateUsingOAuthToken(User.java:586)
com.glide.sys.User.authenticateOAuthAccessToken(User.java:562)
com.glide.sys.User.authenticateOAuthAccessToken(User.java:550)
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.base/java.lang.reflect.Method.invoke(Method.java:566)
org.mozilla.javascript.MemberBox.invoke(MemberBox.java:138)
org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:300)
org.mozilla.javascript.ScriptRuntime.doCall(ScriptRuntime.java:2652)
org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1518)
org.mozilla.javascript.Interpreter.interpret(Interpreter.java:830)
org.mozilla.javascript.InterpretedFunction.lambda$call$0(InterpretedFunction.java:160)
com.glide.caller.gen.sys_script_include_65af6200d7022100f20bc8170e6103aa_script.call(Unknown Source)
com.glide.script.ScriptCaller.call(ScriptCaller.java:22)
org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:159)
org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:597)
org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3573)
org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:157)
org.mozilla.javascript.ScriptRuntime.doCall2(ScriptRuntime.java:2734)
org.mozilla.javascript.ScriptRuntime.doCall(ScriptRuntime.java:2657)
org.mozilla.javascript.ScriptableObject.callMethod(ScriptableObject.java:2437)
org.mozilla.javascript.ScriptableObject.callMethod(ScriptableObject.java:2409)
com.glide.script.RhinoObject.callFunction(RhinoObject.java:169)
com.glide.script.GlideRhinoObject.callFunction(GlideRhinoObject.java:156)
com.glide.script.RhinoObject.callFunction_String(RhinoObject.java:202)
com.glide.script.RhinoObject.callFunction_String(RhinoObject.java:199)
com.glide.sys.authenticate.HTTPAuthenticate.invokeScript(HTTPAuthenticate.java:224)
com.glide.sys.authenticate.HTTPAuthenticate.scriptedAuthorization(HTTPAuthenticate.java:192)
com.glide.sys.authenticate.HTTPAuthenticate.authenticate(HTTPAuthenticate.java:79)
com.glide.sys.authenticate.AuthProxy.authenticate(AuthProxy.java:36)
com.glide.sys.security.HTTPAuthorization.isAuthorized(HTTPAuthorization.java:122)
com.glide.processors.HttpAuthProfileAuthorization.isAuthProfileAuthorized(HttpAuthProfileAuthorization.java:36)
com.glide.rest.processors.RESTAPIHttpAuthorization.isAuthorized(RESTAPIHttpAuthorization.java:22)
com.glide.processors.HTTPAuthProcessor.authenticateHttpRequest(HTTPAuthProcessor.java:298)
com.glide.processors.HTTPAuthProcessor.isAuthorized(HTTPAuthProcessor.java:125)
com.glide.rest.processors.RESTAPIProcessor.isAuthorized(RESTAPIProcessor.java:288)
com.glide.processors.AProcessor.isProcessorAuthorized(AProcessor.java:845)
com.glide.processors.AProcessor.shouldContinue(AProcessor.java:531)
com.glide.processors.Processor.shouldContinue(Processor.java:100)
com.glide.processors.AProcessor.processTransaction(AProcessor.java:176)
com.glide.processors.ProcessorRegistry.process0(ProcessorRegistry.java:187)
com.glide.processors.ProcessorRegistry.process(ProcessorRegistry.java:175)
com.glide.ui.GlideServletTransaction.process(GlideServletTransaction.java:58)
com.glide.sys.Transaction.run(Transaction.java:2645)
com.glide.ui.HTTPTransaction.run(HTTPTransaction.java:30)
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
java.base/java.lang.Thread.run(Thread.java:829)

 

0 Helpfuls
  • 2,626 Views
10 REPLIES 10

Shantanu1
Tera Guru
In response to obrochard

‎07-07-2025 11:21 AM

Hey @obrochard 

 

just wanted to check if you were to find a fix for this please

0 Helpfuls