Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact
Log in

Can't sign in

Symptom: ScaiKey rejects the password#

You enter your password and ScaiKey shows "invalid credentials" or similar. That's a ScaiKey issue, not ScaiWave — check your tenant's SSO config or contact your admin.

Symptom: Loop between ScaiKey and ScaiWave#

You sign in, get redirected back, and immediately get sent to ScaiKey again. Usually means the redirect URI is misconfigured:

  • ScaiWave expects redirect_uri to point at <SCAIWAVE_HOST>/v1/auth/login.
  • ScaiKey's allowed-redirect-URI list must include that exact URL.

Have an admin check both sides. If using a load balancer, make sure HTTPS termination preserves the host header.

Symptom: 401 immediately after sign-in#

You sign in, land in the app, but every API call returns SW_AUTH_INVALID_TOKEN. Causes:

  • Clock skew between your client and the server > 60 seconds. Check the system clock.
  • ScaiKey JWKS not reachable by the ScaiWave server. Admin should check SCAIWAVE_SCAIKEY_URL is right and the network path is open.
  • Cached old token. Hard-reload the page (Cmd+Shift+R / Ctrl+F5).

Symptom: "Tenant not found"#

The token validates but SW_TENANT_NOT_FOUND is returned. The tenant_id claim in your token doesn't match a row in sw_tenants. Either:

  • Your tenant was deleted (ask your admin).
  • The tenant exists but with a different scaikey_tenant_id than the one ScaiKey is signing you with. Admin needs to run scaiwave sync to reconcile.

Symptom: Local dev — no sign-in prompt#

If you're in mock-auth mode (SCAIWAVE_AUTH_MODE=mock), there's no real sign-in; you're auto-logged-in as the mock dev user. That's expected.

If you wanted real ScaiKey auth locally, set SCAIWAVE_AUTH_MODE=scaikey and configure SCAIWAVE_SCAIKEY_URL etc. (See Configuration.)

Symptom: Federated user can't see federated rooms#

You're a federated guest in someone else's room and you can't see it. Likely the foreign server hasn't accepted your home server's peering. Their admin needs to add yours to allowed_peers.

What to check (admin)#

  • GET /v1/auth/config returns valid JSON.
  • GET /health returns 200 with checks.database = "ok".
  • ScaiKey's /.well-known/openid-configuration is reachable from the ScaiWave pod.
  • Logs around the failing request — grep for auth.token_invalid or auth.tenant_resolution_failed.
Updated 2026-05-17 13:10:03 View source (.md) rev 3