The document security token is not correctly formed. Please contact your document server administrator

Hello, I encountered some problems when trying to use OnlyOffice. I deployed the free version of OnlyOffice on CentOS7 and downloaded the Java example. I tried to run the Java example. Prompt “The document security token is not correctly formed. Please contact your document server administrator. Press” OK “to return to document list.” According to the document, I modified [ files.docservice.secret ] in [ settings.properties ] and made it consistent with that in [ local.json ] When I rerun the example, I still reported the same error. I hope to get some help, thank you.

1

2

Hello @A_MaxFun

To apply changes made to local.json config you have to restart Document Server services with command systemctl restart ds-* (use supervisorctl restart all from inside the Document Server Docker contaienr if used Docker as installation method).

Yes, I tried to restart the service, but the problem is still the same. (I didn’t use Docker)

Please provide us log all files of Document Server after reproducing the issue for analysis. Logs are located in /var/log/onlyoffice/documentserver/.

[2023-03-06T23:31:27.525] [WARN] [localhost] [1558988863] [userId] nodeJS - checkJwt error: name = JsonWebTokenError message = jwt must be provided token =
[2023-03-06T23:31:42.180] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting…
[2023-03-06T23:31:42.184] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. File system | Node.js v19.7.0 Documentation
[2023-03-06T23:31:42.366] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 7.3.2. Build: 8
[2023-03-06T23:31:45.989] [WARN] [localhost] [1791551126] [userId] nodeJS - checkJwt error: name = JsonWebTokenError message = jwt must be provided token =
[2023-03-07T00:13:54.449] [WARN] [localhost] [230042446] [userId] nodeJS - checkJwt error: name = JsonWebTokenError message = jwt must be provided token =

This error entry means that the JWT Token is improperly configured on the Java example side. After changing the secret did you recompile your Java example with new configuration?

Also, just as a side note, we recommend using custom JWT Headers, for example, AuthorizationJWT.

After reconfirmation, I recompiled my Java sample and confirmed that the configuration information was consistent with local.json. It is still the error of “The document security token is not correctly formed. Please contact your document server administrator”. I also tried to modify the request header, and it didn’t have any effect.

Just to clarify: by recompile I mean to re-built the package and reupload WAR file to Tomcat.

In test purposes you can try disabling JWT Token on Document Server side either by rerunning Docker container with variable -e JWT_ENABLED=false or by changing local.json:

  1. Find section "token" and change "inbox", "outbox" and "browser" strings to false like that:
      "token": {
        "enable": {
          "request": {
            "inbox": false,
            "outbox": false
          },
          "browser": false
        },
  1. After that restart Document Server services with systemctl restart ds-* to apply the change.

Of course, I repackage it to Tomcat every time. I tried to disable JWT on the server side. This time, “The document security token is not correctly formed. Please contact your document server administrator” did not appear, but a new problem occurred.

Please provide fresh logs of the Document Server.

Thank you for the log.

I was able to reproduce the issue with enabled JWT Token. We are checking the situation with this behavior. I will update the thread once I get any news.

Hi @Constantine
I have faced the same issue, any idea to solve it?

Hello @arman

We are still working on this. I will update this thread once there is anything to share.

Hi @Constantine
I found some issues,here are some of my situations:
1、I used docker to install onlyoffice/documentserver:7.2
2、I used two java demo for the onlyoffice website, when i use the secret which is the server generated. The version of java spring demo can open the file normal,but the version of java demo can not open file, the error just the same for the issue.
3、Because i copy the version of java demo, j just change some parameters, and when i open the files ,another error occurred, the error is : You are trying to perform an action you do not hava rights for.Please contact your Document Server administrator. And the server error is : fillDataFromJwt token has modified permissions
4、when i use docker start, if i disabled jwt ,i can open the file normal。

Hello @onlyofficeUser1

7.2 is an outdated version of Document Server. Please update your instance and check the situation again.
If the issue is still reproducible after the update, please provide next information:

  • version of the Java Example (you can find version in src/main/resources/settings.properties);
  • type of installation of Java Example (Windows, Linux, Docker);
  • logs of Document Server after attempting to edit the file via Java Example.

Logs are located in /var/log/onlyoffice/documentserver/ for Linux (same path inside Docker container) or in C:\Program Files\ONLYOFFICE\DocumentServer\Log\ for Windows.

hello @Constantine
I have updated the server to 7.3,the issue alawys exists。
1、The Java Example version is : 1.5.1
2、I run the example in windows
3、The server error is below

The same issue as original poster has. We are checking the situation with it.
I will update the thread once any news come up.

1 Like