Token error - 400 sub system claim cant be evaluated

Not able to successfully login with self hosted widget


Hi @arung86! The sub claim in the access token should be set to the userName attribute. Please make sure you have a claim “sub” in your access token set to (appuser != null) ? appuser.userName : app.clientId - see my example screenshot for guidance.

Security > API > Authorization Server > Claims

@arung86 Hi, not sure if you figured out the issue. Besides checking the settings @sigama mentioned,
please make sure the user is assigned to the app and the policy is set up correctly.
Added similar resolved questions for your reference.

Update: un-assigning and reassigning the user to the app also resolves this issue.

1 Like