Token validation log format examples
This log includes a record of all token validation attempts. Every attempt is captured as a single JSON object. Each attempt is separated by a newline
The file naming convention is token_validation.log.<date>, where <date> is a rotating time stamp that changes every 6 hours.
Example of a successful validation –
{
"timestamp": 1666212810729,
"time": "2022-10-19 20:53:30 GMT",
"requestId": "Y1BjysCoDiYAAGc5GUMAAABF",
"requestUri": "/manager/api/json/1.0/viewSystem.adm",
"clientIp": "10.255.251.62",
"connectIp": "10.255.251.62",
"purpose": "access",
"claims": {
"sub": "0123456789",
"iss": "https:// {tenant-host}/oidc/endpoint/default"
"exp": 1666220009000,
"iat": 1666212809000,
"email": "example@ibm.com "
},
"success": true,
"errorCode": null,
"errorMessage": null
}
Example of a validation failure -
{
"timestamp": 1666220658442,
"time": "2022-10-19 23:04:18 GMT",
"requestId": "Y1CCccCoDiYAAGc5HOUAAABe",
"requestUri": "/manager/api/json/1.0/viewSystem.adm",
"clientIp": "10.255.251.78",
"connectIp": "10.255.251.78",
"purpose": "access",
"claims": {
"sub": "0123456789",
"iss": "https:// {tenant-host}/oidc/endpoint/default",
"exp": 1666227856000,
"iat": 1666220656000,
"email": null
},
"success": false,
"errorCode": 7,
"errorMessage": "JWT audience rejected: [33c7ffb2-6ce2-4fc7-935c-6496e20f4a3b]"
}