401 Unauthorized or 403 Forbidden

Symptom

When you try to reach your service, you get 401 Unauthorized or 403 Forbidden in response.

Cause

The error 401 Unauthorized occurs when you try to access a Service that requires authentication, but you have either not provided appropriate credentials or have not provided any credentials at all. You get the error 403 Forbidden when you try to access a Service or perform an action for which you lack permission.

Solution

Make sure that you are using an active JSON Web Token (JWT) with proper scopes.

Remedy

Decode the JWT.

Check the validity and scopes of the JWT:

bash

{
   "sub": ********,
   "scp": "test",
   "aud": ********,
   "iss": ******,
   "exp": 1697120462,
   "iat": ******,
   "jti": ******,
}

Generate a new JWT.

Istio Service Mesh

Tutorials

Technical Reference

Troubleshooting

Tutorials

Mutual TLS Authentication

Security

Custom Resources

APIGateway Custom Resource

APIRule Custom Resource

APIRule Migration

Technical Reference

Troubleshooting Guides

Working with Multiple Subaccounts

Resources

Tutorials

Troubleshooting

Technical Reference

Runtime Agent

Tutorials

Resources

Tutorials

Register a Service

VPC Peering

Resources

Tutorials

Tutorials

Resources

Troubleshooting for the Eventing Module

Resources

Troubleshooting

Tutorials

Resources

Technical Reference

Troubleshooting Guides

Collecting Logs

Collecting Traces

Collecting Metrics

Filtering and Processing Data

Transform and Filter with OTTL

Integrate with your OTLP Backend

Architecture

Integration Guides

Resources

Tutorials

Resources

Technical Reference

Tutorials

Commands

401 Unauthorized or 403 Forbidden ​

Symptom ​

Cause ​

Solution ​

Remedy ​

401 Unauthorized or 403 Forbidden

Symptom

Cause

Solution

Remedy