Token validation log format examples

This log includes a record of all token validation attempts. Every attempt is captured as a single JSON object. Each attempt is separated by a newline

The file naming convention is token_validation.log.<date>, where <date> is a rotating time stamp that changes every 6 hours.

Example of a successful validation –
{
  "timestamp": 1666212810729,
  "time": "2022-10-19 20:53:30 GMT",
  "requestId": "Y1BjysCoDiYAAGc5GUMAAABF",
  "requestUri": "/manager/api/json/1.0/viewSystem.adm",
  "clientIp": "10.255.251.62",
  "connectIp": "10.255.251.62",
  "purpose": "access",
  "claims": {
    "sub": "0123456789",
    "iss": "https:// {tenant-host}/oidc/endpoint/default"
    "exp": 1666220009000,
    "iat": 1666212809000,
    "email": "example@ibm.com "
  },
  "success": true,
  "errorCode": null,
  "errorMessage": null
}
Example of a validation failure -
{
  "timestamp": 1666220658442,
  "time": "2022-10-19 23:04:18 GMT",
  "requestId": "Y1CCccCoDiYAAGc5HOUAAABe",
  "requestUri": "/manager/api/json/1.0/viewSystem.adm",
  "clientIp": "10.255.251.78",
  "connectIp": "10.255.251.78",
  "purpose": "access",
  "claims": {
    "sub": "0123456789",
    "iss": "https:// {tenant-host}/oidc/endpoint/default",
    "exp": 1666227856000,
    "iat": 1666220656000,
    "email": null
  },
  "success": false,
  "errorCode": 7,
  "errorMessage": "JWT audience rejected: [33c7ffb2-6ce2-4fc7-935c-6496e20f4a3b]"
}