OIDC Timeout: Appsmith crashes with error 503

Issue

Error:

editor stdout | 10.2.6.24 - - [03/Mar/2023:13:00:07 +0000] "GET /api/v1/tenants/current HTTP/1.1" 500 148 "https://skybase.libremfg.ai/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
editor stdout | 
backend stdout | [2023-03-03 13:00:07,746]  - [66d831b2-904049]  500 Server Error for HTTP GET "/api/v1/users/features"
backend stdout | org.springframework.security.oauth2.core.OAuth2AuthorizationException: [invalid_grant] Token is not active
backend stdout | 	at org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler.handleError(OAuth2ErrorResponseErrorHandler.java:66)
backend stdout | 	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
backend stdout | Error has been observed at the following site(s):
backend stdout | 	*__checkpoint ⇢ com.appsmith.server.configurations.SessionFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ com.appsmith.server.filters.MDCFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ AuthorizationWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ ExceptionTranslationWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ LogoutWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ ServerRequestCacheWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ SecurityContextServerWebExchangeWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ AnonymousAuthenticationWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ OAuth2LoginAuthenticationWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ OAuth2AuthorizationRequestRedirectWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ ReactorContextWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ HttpHeaderWriterWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ org.springframework.web.filter.reactive.ServerHttpObservationFilter [DefaultWebFilterChain]
backend stdout | 	*__checkpoint ⇢ HTTP GET "/api/v1/users/features" [ExceptionHandlingWebHandler]

Resolution

Users get this error because the access token has expired, and Appsmith cannot refresh it. To resolve this, you need to add offline_access scope to your OIDC configuration.

Resource links

Updated

OIDC Timeout: Appsmith crashes with error 503

Resource links

Updated

OIDC Timeout: Appsmith crashes with error 503

Related solutions

Unable to Log in With SSO When Using a Custom Domain

Keycloak error - unable to login via SSO

SSO Error: "Invalid request" When Accessing the App from the IdP