Token Metadata did not contain a valid IdToken – How to solve this Elasticsearch exception

Opster Team

August-23, Version: 7.2-8.9

Briefly, this error occurs when Elasticsearch receives an invalid or missing IdToken in the token metadata. This could be due to incorrect configuration, expired tokens, or issues with the authentication service. To resolve this, you can try refreshing or regenerating the token, ensuring the correct configuration settings are in place, or checking the status and setup of your authentication service. If the problem persists, you may need to debug your code or configuration to identify the root cause.

This guide will help you check for common problems that cause the log ” Token Metadata did not contain a valid IdToken ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin, metadata.

Log Context

Log “Token Metadata did not contain a valid IdToken” class name is We extracted the following from Elasticsearch source code for those seeking an in-depth context :

 final Realm realm = this.realms.realm(authentication.getEffectiveSubject().getRealm().getName());
 final JWT idToken;
 try {
 idToken = JWTParser.parse(idTokenHint);
 } catch (ParseException e) {
 throw new ElasticsearchSecurityException("Token Metadata did not contain a valid IdToken"; e);
 return ((OpenIdConnectRealm) realm).buildLogoutResponse(idToken);
 }  private void validateAuthenticationAndMetadata(Authentication authentication; Map tokenMetadata) {


How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?