Updates in Jira does not reflect in ServiceNow and throws "Bad token" error - Support and Troubleshooting

Updates in Jira does not reflect in ServiceNow and throws "Bad token" error Issue When a Jira bidirectional integration is built, the updates from ServiceNow will flow to Jira but the updates in Issues at Jira does not reflect in ServiceNow.

Hence it does not trigger the Jira Webhook subflows.

If we further look at the system logs, we can see Bad token error.

Also, the node logs will throw the below error.

SEVERE *** ERROR *** sn_jira_spoke (JiraWebhookAuthenticator): Bad token

Cause Thee token sent from the Jira does not match with the token generated under web hook registry in ServiceNow.

Hence during validation, the script includes "JiraWebhookAuthenticator" throws "Bad Token" error.

Resolution The change in the token could be because of 2 reasons.

1. When a secret token is regenerated in ServiceNow, it changes the webhook callback URL.

The webhook callback URL looks something like below.

https://abc.service-now.com/api/sn_jira_spoke/jira_webhook_callbacks/wh_entry?ni.nolog.id=fabefeed97b1f110fc3ef3500153af6f&ni.nolog.token=%EF%B7%9E%EF%B7%9F%EF%B7%92cafc951c1bb1a150f396ed72b24bcb41%EF%B7%AC%EF%B7%941%EF%B7%AC%EF%B7%ADUcaYha8z0PyLWFJoSLBTmw%3D%3DowMGMF5HDracPp09PgQYoJ8upg4PqMn2T2fnZKDFIZsbgJMi%EF%B7%AE%EF%B7%AF

In the above URL, ni.nolog.token is one of the query parameter and the value is generated based on the secret token in webhook registry.

Ensure that we have the same callback URL registered at the Jira end.

When we receive any webhook events from Jira, we can see the callback URL in the node log.

Sample:

Dec 4 15:28:52 adc07b adcv2_abc_ytz0[55771]: [adcv2_access] src=104.192.142.241 vip=149.96.228.180 instance=abc node=10.10.10.10:16006 method=POST uri=/api/sn_jira_spoke/jira_webhook_callbacks/wh_entry?ni.nolog.id=fabefeed97b1f110fc3ef3500153af6f&ni.nolog.token=%25EF%25B7%259E%25EF%25B7%259F%25EF%25B7%2592042f3a2197f1f110fc3ef3500153afac%25EF%25B7%25AC%25EF%25B7%25941%25EF%25B7%25AC%25EF%25B7%25AD_iPQqfC_afXHCmuCe-qZfA%253D%253DY7Oa8qZ00E1-CyppxckRMGZwkhZ_I5ozIsoLPMrWdTWx_GB2hh_xmlM3nx4Z7Ft01nGQq4tW1J2sxwWmyRyp30ZN6D0aB3LwFIrZqP1PqAEHiIyBzifk_Me44I8gy3tffzxOq9P_1GYS1rZ63ZWPP58IoqBKxjSHfu2n7-OPlHIWoa0F6o2Rz-L8Avy4MwMuAkxAqFSoiX64PdyBcYtH4IF1QEVA2VJCqBLyCOtZMlMvHrPr_QLB9wkoLRcXDAFtyyW6p4fSV269ghuki2CQXQ%253D%253D%25EF%25B7%25AE%25EF%25B7%25AF&triggeredByUser=xyz reqtime=0.042 rtt32=23044 uct=0.000 uht=0.020 urt=0.020 us=200 rescode=200 ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256 ssl_protocol=TLSv1.2 ua="Atlassian Webhook HTTP Client" ssib=0 s=042597 txid=5aa4a693096c h=h1

We can compare the callback URL based on above URL. This URL should match with instance URL.

You can also test the callback URL in postman.

Just try POST method and hit the callback URL. If that gives 200 response, then the callback URL is valid.

2. The other reason why we see this error is due to Jira decoding the UTF-8 based webhook callback URL using a non UTF-8 decoder.

Token as seen in the webhook callback url

%EF%B7%9E%EF%B7%9F%EF%B7%92aeb53c8c1b3a81d4758ba75b234bcb86%EF%B7%AC%EF%B7%941%EF%B7%AC%EF%B7%ADLl2QTbjJmURFdMphJ1auIA%3D%3DklsSn4NDa4CQvBWDX1OqR92NDEWW%EF%B7%AE%EF%B7%AF UTF-8 URL Encoded value of the encrypted token

﷞﷟﷒aeb53c8c1b3a81d4758ba75b234bcb86﷬﷔1﷬﷭Ll2QTbjJmURFdMphJ1auIA==klsSn4NDa4CQvBWDX1OqR92NDEWW﷮﷯ Token we get in the query params from Jira after hitting the callback URL.

ï·žï·Ÿï·'aeb53c8c1b3a81d4758ba75b234bcb86ï·¬ï·"1ï·¬ï·Ll2QTbjJmURFdMphJ1auIA==klsSn4NDa4CQvBWDX1OqR92NDEWWï·®ï·¯ As the token in the Query parameters we received from Jira does not match the expected token, the callback fails with the Bad Token Error.

The issue was resolved by Jira support with a configuration change on the Jira server

Edit conf/server.xml and find the line where the HTTP Connector is defined. It will look something like this, possibly with more parameters -

Add a URIEncoding="UTF-8"property to the connector:

Restart Tomcat