Troubleshoot the ForgeRock Token Vault
How do I fix CORS errors?
Make sure the CORS configuration in your ForgeRock authorization server accepts both the origin of your main app and the origin of the Token Vault Proxy.
These two origins must be distinct from one another.
What can cause iframe errors?
This is likely an error coming from the /authorize request to collect OAuth 2.0 or OIDC tokens.
Make sure you are using ForgeRock SDK for JavaScript 4.0 or newer.
To diagnose the issue, copy the full /authorize request URL from the network tab in your dev tools and paste it into your browser’s URL field to directly visit it.
A 400 error coming from the /authorize endpoint could be caused by a misconfiguration. For example, if a consent page is rendering, ensure you enabled the implied consent property in both your OAuth 2.0 Provider and the OAuth 2.0 client.
Make sure you are allowing the use of third-party cookies. For example, the incognito or private modes in Chromium browsers disable third-party cookies by default, as do WebKit-based browsers.
Why are the tokens not being stored?
If you are receiving tokens from the /access_token endpoint but they are not getting stored, this is likely caused by the Token Vault Interceptor not routing the requests to the Token Vault Proxy configured in your main app.
Only the Token Vault Proxy can store tokens when the ForgeRock Token Vault is enabled.
To fix this, ensure the SDK config in your main app, set in Config.set(), is identical to the config in your Token Vault Interceptor file.
We recommend using environment variables, rather than hard-coding the values directly in each of the modules.
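As an added example (not part of the ForgeRock documentation or SDK), this Node.js check covers two of the causes above: config drift between the main app and the Token Vault Interceptor, and a CORS allow-list that lacks the app or Proxy origin. The flat settings shape, the function names, and all sample values are assumptions made for illustration.

```javascript
// Added diagnostic sketch. The flat settings shape (serverBaseUrl, realmPath,
// appOrigin, proxyOrigin) is hypothetical, not the SDK's own config schema.
const SHARED_KEYS = ['serverBaseUrl', 'realmPath', 'appOrigin', 'proxyOrigin'];

// Reduce a URL to scheme://host[:port]; null if it is not an absolute URL.
function toOrigin(value) {
  try {
    const origin = new URL(value).origin;
    return origin === 'null' ? null : origin;
  } catch {
    return null;
  }
}

function checkTokenVaultSetup(appSettings, interceptorSettings, corsAllowedOrigins) {
  const problems = [];
  // 1. The main app and the Interceptor must carry identical values.
  for (const key of SHARED_KEYS) {
    if (appSettings[key] !== interceptorSettings[key]) {
      problems.push(`config mismatch: ${key}`);
    }
  }
  // 2. The app and the Proxy must be served from two distinct origins.
  const origins = {
    app: toOrigin(appSettings.appOrigin),
    proxy: toOrigin(appSettings.proxyOrigin),
  };
  if (!origins.app || !origins.proxy) {
    problems.push('invalid origin: appOrigin and proxyOrigin must be absolute URLs');
  } else if (origins.app === origins.proxy) {
    problems.push('same origin: app and proxy must differ');
  }
  // 3. The authorization server's CORS allow-list must include both origins.
  const allowed = new Set(corsAllowedOrigins.map(toOrigin));
  for (const [name, origin] of Object.entries(origins)) {
    if (origin && !allowed.has(origin)) {
      problems.push(`CORS allow-list missing ${name} origin ${origin}`);
    }
  }
  return problems;
}

// Constructed sample values; hosts and ports are placeholders.
const sampleApp = {
  serverBaseUrl: 'https://am.example.com/am', realmPath: 'alpha',
  appOrigin: 'http://localhost:5173', proxyOrigin: 'http://localhost:5175',
};
const sampleInterceptor = { ...sampleApp, realmPath: 'beta' };
console.log(checkTokenVaultSetup(sampleApp, sampleInterceptor, ['http://localhost:5173']));
```

An empty array means all three checks passed; feeding both settings objects from the same environment variables makes the first check pass by construction.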
Why does the Interceptor (Service Worker) not work or report errors in Firefox or Safari?
Your bundler is likely not bundling the Token Vault Interceptor into a single file, and language features are present in the bundle that these browsers do not support in a Service Worker context.
Ensure that your bundler configuration, such as Vite or Webpack, is creating a single file output and that it is down-leveled to ES2020.
We recommend a dedicated bundle configuration for the Token Vault Interceptor, separate from your application bundle.
What can cause 400 Proxy Error?
These errors often occur when the Token Vault Proxy itself encounters an error, and are not actually an error response from your ForgeRock authorization server.
Inspect the network tab in your dev tools to find the specific error message in the response, which will help you debug the underlying issue.