Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledgebase
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Image Artist Spectrus, Percepta, Katalyst, Luminata and more
Downloads
Downloads
Community
Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

Signals Notebook: IP Restriction Affects Authorization Code Exchange (OAuth 2.0 Authorization Code Flow)

Masaki Asami
  • Updated

Description

When the "Restrict IP Access" setting is enabled in a Signals Notebook tenant that uses the OAuth 2.0 Authorization Code Flow with PKCE, the IP restriction is enforced during the authorization code exchange step — not just for GUI and API access.

This can cause unexpected failures in backend integrations that exchange authorization codes for bearer tokens. 

Problem

The OAuth 2.0 authorization code exchange fails when all three of the following conditions are met:

  • "Restrict IP Access" is enabled in the tenant's Signals Configuration.
    • Note: If this checkbox is not selected, no IP restriction is applied and this issue will not occur.
  • The tenant is configured to issue bearer tokens via OAuth 2.0.
  • The public IP address of the backend system making requests to the token endpoint is not included in the allowed network list.

Symptom: The token endpoint returns HTTP 401 when the backend attempts to exchange the authorization code for an access token.

Solution

The tenant administrator must add the public IP address (or IP range) of the backend system to the IP allowlist in the Signals Notebook configuration.

To modify the IP address restriction, the configuration is located at Signals Configuration → System Settings → Authentication. Please refer to the following knowledge base article for details.

Signals Notebook: How to restrict IP addresses?

Comments

0 comments

Article is closed for comments.