Hello community. I just encountered a very strange thing today. A user sent a screenshot from our system, showing a failed authentication with the “invalid token” error. I then dug into our logs and found the http request. Which contains a general_portal_token, an access_token and an id_token.
The access_token looks weird to me as it has two dots “..” next to each other, which I have never seen before. When I paste the token into jwt.io It does decode it, but it also says “invalid signature” the payload is empty, which it should not be.
Here’s the token:
Any ideas what could have caused the token to be malformed like this?
From the screenshot, I can tell that the user is accessing our system through an unusual url, i think its some sort of company proxy or secure vpn.