Check the following for visibility and troubleshooting.
HTTP Stats
Application Logs
HTTP Debug Logs
HTTP Stats
Use show virtualservice <VS-name> detail | grep oauth to view the HTTP Stats.
|. oauth_requests | 167 | | oauth_auth_requests | 56 | | oauth_invalid_sessions | 17 | | oauth_introspection_requests | 56 | | oauth_introspection_responses | 0 | | oauth_introspection_resp_failures | 0 | | oauth_access_token_inactive | 0 | | jwt_sub_unavailable | 0 | | oauth_oidc_at_hash_verification_failures | 0 | | oauth_token_refresh_requests | 0 | | oauth_token_refresh_responses | 0 | | oauth_token_refresh_resp_failures | 0 | | oauth_unauth_requests | 0 | | oauth_client_idp_redirects | 56 | | oauth_redirect_resp_with_code | 0 | | oauth_invalid_redirect_responses | 0 | | oauth_code_token_exchange_requests | 0 | | oauth_redirect_resp_state_mismatch | 0 | | oauth_redirect_resp_code_unavailable | 0 | | oauth_redirect_resp_state_unavailable | 0 | | oauth_invalid_handshake_cookie | 11 | | oauth_invalid_handshake_cookie_missing_uri | 0 | | oauth_invalid_handshake_cookie_missing_state | 0 | | oauth_corrupted_cookie | 5 | | oauth_cookie_key_not_found | 0 | | oauth_cookie_decode_error | 0 | | oauth_cookie_decrypt_error | 0 | | oauth_code_token_exchange_responses | 0 | | oauth_oidc_validation_failures | 0 | | oauth_session_create_failures | 0 | | oauth_sessions_created | 0 |
Application Logs
For the ease of troubleshooting and debugging, many significant logs are added for error scenarios. Some of the examples are listed below.
Wrong resource server secret
When the JWT token is missing audience claim
Wrong at_hash token in the ID Token response
Username in the Application Logs
During authentication callback
When authenticated (post-authentication requests)
HTTP Debug logs
HTTP debug logs can also be used to troubleshoot OAuth/OIDC related issues.
