Mythics Blog

The Authorization Token is Invalid - idcToken

Posted on April 9, 2013 by Jonathan Hult

Tags: Mythics Consulting, Oracle, WebCenter

In WebCenter Content 11g, a new security feature was introduced. You may have run into this feature and received the following error:

Content Server Request Failed - The authorization token is invalid. It has either expired or is not appropriate for the current request. You may need to reload an earlier page in order to proceed.

If you are trying to execute most services in 11g, you must pass the service the idcToken parameter. idcToken is a uniquely generated ID for each user who is logged in. This value is tied to your user session and can expire. This value can be retrieved in Idoc Script using the idcToken variable:


If you are testing a service, you can retrieve your current idcToken value from the source of a page (the page must have loaded correctly and you must be logged in).

If you look at the page source, you will notice that this idcToken value is being passed to forms which execute a service.

You can add idcToken to a form by using the following code:

There are also a few Idoc Script includes that can help you add idcToken to your Idoc Script code.



The following configuration variable will disable this authorization check:



By default, this value is false meaning the authorization token check is enabled. It is not recommended to disable this in production as the authorization token check is there for security.


  • ! No comments yet

Leave a Comment