zahi 3mo ago

unauthorized_client NextJS Frontend and Go Backend

Hello, as the title states, I have a SaaS with a Golang backend with an API application, and a Next.js frontend with a PKCE application. The frontend can authenticate users normally and get the access and ID tokens, but when the access token is sent to the backend, token introspection fails with the error "unauthorized_client". The same exact setup was working one day ago; what could have ruined it? I am on Zitadel Cloud.
4 Replies
Matías 3mo ago
Hi @zahi, thanks for reaching out! Sorry about the late reply. Could you please let me know if you are still facing this issue? If that's the case, could you please check if the client that represents your nextjs app and the API being used to call the introspection endpoint are under the same project/organization? If not, did you grant the project to the organization that owns the nextjs client? Can you share a screenshot of the General Settings tab for the Project where your API was created?
revolvelabs_ellis
@Matías Same issue is present for us here with our Nuxt.js application. No code changes, API stopped working for a few days then magically started working again. It's currently happening again (last worked Friday).
revolvelabs_ellis
Tried with the Python example from the docs, same issue. error: "unauthorized_client". Assuming this is probably a Zitadel bug if others are facing the same thing, tried a variety of troubleshooting steps already.
ZITADEL Docs
This is a guide on how to secure your API using JSON Web Token (JWT) profile (recommended).
Matías 2mo ago
Hi @revolvelabs_ellis, we haven't received any widespread reports of token introspection failing, just these two. Can you please let me know the answers to the same questions I asked above? Are your Nuxt.js app and API under the same project? If not, did you grant the project to the organization that owns the app? Can you share a screenshot of the General Settings tab for the Project where your API was created? Are you using Zitadel Cloud? If so, can you please let me know your instance ID and domain, and some timestamps when the call to the introspection endpoint failed?
