Monitoring the Resource Server Adapter

The monitoring mechanisms for the Resource Server Adapter are similar to the Authorization Server or the Wallet Server. The types of monitoring and logging mechanisms available and the alert levels are all the same. Refer to the Monitoring the Authorization Server chapter for details.

While some log outputs are common across all components, there are several unique Lookup codes and associated alert levels for the RSA. The following tables list all applicable exceptions associated to the RSA.

Resource Owner Token Exceptions

Alert Level	Lookup Code	Message
3	08.001.001	"The JWT must be signed and must be of a valid format."
3	08.001.002	"The JWT verification failed."
3	08.001.003	"The signing secret was deactivated and can no longer be used."
3	08.001.004	"The signing secret was not found."
3	08.002.001	"Invalid Resource Owner Token - The token must be a base64 encoded string."
3	08.003.001	"The JWT must be signed with an allowed algorithm."
3	08.004.001	"no resource was found with that identifier"
3	08.004.002	"The JWT verification failed - Missing Authorization."
3	08.004.003	"The JWT verification failed - Insufficient scopes."

UMA Exceptions, WWW Authenticate Exception and Authorization Server Unreachable Exception

Alert Level	Lookup Code	Message
2	09.001.001	"The access token is invalid."
2	09.001.002	"The access token failed introspection: {0}"
2	09.001.003	"Unable to register resource, auth server responded with {0}"
2	09.001.004	"unable to get a permission ticket for request"
2	09.001.005	"The access token is invalid."
2	09.001.006	"The PAT negotiation was unsuccessful."
2	09.001.007	"Unable to negotiate own PAT."
2	09.001.008	"Invalid Resource Owner Token - The token must be a base64 encoded string."
2	09.001.009	"199 - UMA Authorization Server Unreachable"
1	09.000.001	WWW Authenticate exception - no message, instead the response will include a `www-authenticate` header
3	09.000.002	Authorization Server Unreachable - the response will include a `warning` header with the exception message

OAuth Provider Exceptions

Alert Level	Lookup Code	Message
3	06.001.000	"An internal server error occurred."
2	06.001.001	"Malformed application/x-www-form-urlencoded request"
3	06.001.002	"An internal server error occurred. {0}"
2	06.001.003	"Authorization header was invalid."
2	06.001.004	"No matching access token found."
2	06.001.005	"No matching refresh token found."
1	06.001.006	"Access token has expired."
1	06.001.007	"Access token has been disabled and is no longer valid."
1	06.001.008	"Refresh token has expired."
1	06.001.009	"The refresh token provided is invalid, please obtain authorization again"
2	06.001.010	"Client with ID [{0}] was not found."
2	06.001.011	"Proof Key for Code Exchange (PKCE) authentication failed."
2	06.001.012	"The code challenge is invalid - must be between 43 and 128 characters."
2	06.001.013	"Code challenge is required"
2	06.001.014	"The code verifier is invalid."
2	06.001.015	"Code challenge method is missing or must be set to S256"
2	06.001.016	"Authorization code was not found or has been redeemed"
2	06.001.017	"Authorization code is expired."
3	06.001.018	"This authorization code is for a different client."
3	06.001.019	"This refresh token is for a different client."
3	06.001.020	"This token was issued for a different client and cannot be revoked by the requesting client with ID [{0}]"
2	06.001.021	"This response type [{0}] is not supported."
2	06.001.022	"No request authorization could be retrieved."
2	06.001.023	"The client credentials were not valid or not supported: {0}"
3	06.001.024	"Failed to retrieve the tokens."
2	06.001.025	"The redirect URI [{0}] is not registered for OAuth Client with ID [{1}]"
1	06.001.026	"The redirect_uri cannot be empty or null"
2	06.001.027	"The redirect_uri does not match the initial request redirect_uri"
3	06.001.028	"The request is invalid"
2	06.001.029	"The client secret is incorrect."
2	06.001.030	"The provided grant type [{0}] is not supported."
2	06.001.031	"This access token does not provide sufficient scopes."
3	06.001.032	"The requested scope [{0}] is invalid or exceeds the scope granted by the resource owner."
3	06.001.033	"No data converter is suitable to convert the data to or from an internal data format."
2	06.001.034	"Invalid parameter or malformed request supplied, no request type found."
2	06.001.035	"Invalid parameter or malformed request supplied: {0}"
1	06.001.036	"The request is invalid: {0}"
3	06.001.037	"No suitable request converter, {0}"

Claim Restriction Exceptions

Alert Level	Lookup Code	Message
2	06.000.001	"claim has been restricted"

OAuth Client Exceptions and Client Token Error Exceptions

Alert Level	Lookup Code	Message
2	04.001.100	"Unable to retrieve the access token"
3	04.001.101	"Unable to create client auth for token endpoint"
3	04.001.102	"No ongoing transaction found for this state value: [{0}]"
2	04.001.103	"OAuth transaction has expired, please try again"
2	04.001.104	"UMA transaction took too many trips without completing"
3	04.001.105	"Unable to retrieve provider metadata from well-known endpoint"
3	04.001.106	"OAuth Provider did not have a JWK set registered."
3	04.001.107	"OAuth Provider with issuer URI [{0}] is not registered."
2	04.001.108	"Unable to fetch UserInfo"
2	04.002.001	Message from an OAuth Client Token Error varies, returned from downstream provider.

Service Provider Exceptions and Need Info Exception

Alert Level	Lookup Code	Message
3	05.001.001	"Could not parse FPX RPT. The subject of the RPT did not match the `ticket_value` of the Permission Ticket"
3	05.001.002	"Could not parse FPX RPT. The resource_type and/or resource_location of an Access Token are null."
3	05.001.003	"Could not parse FPX RPT. Please contact your administrator."
3	05.002.001	"Received unexpected response from RS: {0}"
2	05.003.001	"Could not find Capability Ticket with name [{0}]"
3	05.003.002	"Could not exchange Capability Ticket at the Authorization Server."
2	05.004.001	"No active transactions found for state value: [{0}]"
0	05.000.001	"need_info"

JWT Exceptions

Alert Level	Lookup Code	Message
3	07.001.001	"unable to load jwks from url"
3	07.001.002	"provided jwt is invalid"
3	07.001.003	"JWT could not be parsed"
3	07.001.004	"JWT signature is invalid"
3	07.001.005	"Issuer does not match JWT."
3	07.001.006	"JWT could not be signed"
3	07.001.007	"provided JWT was not signed"
3	07.001.008	"idtoken did not validate"

Framework and HTTP Exceptions

Alert Level	Lookup Code	Exception Name	Example Message
1	00.000.001	Authentication Exception	"Access denied - unauthenticated"
1	00.000.002	Access Denied Exception	"Access denied - unauthorized"
1	00.000.003	HTTP Request Method Not Supported	"HTTP method not supported. Check the 'Allow' response header to see supported methods."
1	00.000.004	Missing Servlet Request Parameter	"Required request parameter 'request_param_1' for method parameter type int is not present"
1	00.000.005	Request Rejected	"The request was rejected because the URL contained a potentially malicious String \"//\""
1	00.000.006	No Handler Found	"Not found - no handler for GET /non-existent-path"
1	00.000.007	HTTP Message Not Readable	"HTTP message could not be read: if this is a POST request, check that you included a request body."
1	00.000.008	HTTP Media Type Not Supported	"Content type 'text/html' not supported"
1	00.000.009	Method Argument Type Mismatch	"Invalid boolean value [not-a-boolean]"
1	00.000.010	Binding Error	"Binding error: see the error_list for details"
1	00.000.010	Constraint Violation	"Constraint violation: [request_arg must not be blank, request_arg size must be between 2 and 3]"

Resource Owner Token Exceptions​

UMA Exceptions, WWW Authenticate Exception and Authorization Server Unreachable Exception​

OAuth Provider Exceptions​

Claim Restriction Exceptions​

OAuth Client Exceptions and Client Token Error Exceptions​

Service Provider Exceptions and Need Info Exception​

JWT Exceptions​

Framework and HTTP Exceptions​