Possible causes of 401 Unauthorized ImageVaultException: Unable to request access token @ https://localhost:9901/oauth/token

The last couple of weeks I’ve been fiddling alot with various ImageVault instances and certificates in different environments and found that a common source of annoyance is the ImageVaultException stating that it’s Unable to request access token @ https://localhost:9901/oauth/token. It’s not always straight forward what might be causing this problem. I’ve summarized a couple of possible culprits in this article.

The ImageVault sdkIdentity secret

The first, and likely one of the easier one to catch is ImageVault’s sdkIdentity secret. It is chosen during installation of the ImageVault Core and must be the same for all Cores in a loadbalanced environment.

Whatever your ImageVault’s sdkIdentity secret is, it must be the same in each of the following two files in your setup:

  • Your website: {wwwroot}\imagevault.client.config
  • Your ImageVault UI: C:\ImageVault\Ui\{instance name}\imagevault.client.config (default location)

On top of this, this sdkIdentity secret value is encrypted and stored in the ImageVault database created during the ImageVault Core installation; so if you downloaded a database from your production environment and restored it locally, you’d either have to use the Production sdkIdentity secret in your local configs, or insert the new encrypted value from your local environment into the Production database. The value is stored in the ClientIdentities table.

ImageVault database table storing the ClientIdentities.

The machineKey validation

Another thing that may be the cause of this exception is the machine key validation performed when connecting to ImageVault UI. You will need to make sure that your EPiServer website’s web.config file and UI’s web.config file has the same one. The machineKey element may be found on the path /configuration/system.web/machineKey in both files. Do not forget the restart after you’re done, if you have removed the files from the watch list.

web.config

<configuration>
  <system.web>
    <machineKey validationKey="some_long_validation_key_value"
                decryptionKey="some_long_decryption_key_value"
                validation="SHA1"/>

ImageVault Core throwing exceptions

Something that may also cause this error message in the UI is if ImageVault Core is having problems. I’ve for instance received this during a semi successful ImageVault upgrade; the new Core source code expected there to be database schema alterations, but for some reason my database was still in the old version.

Leave a Reply