I can see this error in both Nextcloud 26.0.8 and Nextcloud 27.1.3.
There are hundreds of messages in the log “Token is too short for a generated token, should be the password during basic auth” and they can be clearly assigned to different users.
These messages are mainly related to calendar synchronization from different clients “DAVx5, Thunderbird, etc.”.
I have prepared the logs in such a way that it is easier to recognize the files and line numbers concerned.
In the log appear e.g. these details of the messages (excerpt):
Thunderbird/115.4.1
"url":"/remote.php/dav/calendars/Username/Calendarname/",
"message":"Session token is invalid because it does not exist",
"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Thunderbird/115.4.1","version":"27.1.3.2",
"exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException",
"Message":"Token is too short for a generated token, should be the password during basic auth","Code":0,
"Trace":[{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken",
"class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":782,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":352,"function":"validateToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":452,"function":"login","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":114,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php","line":103,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":232,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":139,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":179,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":135,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:REPORT",[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Server.php","line":365,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/remote.php","line":172,"args":["/volume1/web/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],
"File":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php","Line":155,
"message":"Session token is invalid because it does not exist","user":"Username","exception":[],
"CustomMessage":"Session token is invalid because it does not exist"},
DAVx5/4.3.8-ose
"url":"/remote.php/dav/calendars/Username/Calendarname/",
"message":"Session token is invalid because it does not exist",
"userAgent":"DAVx5/4.3.8-ose (2023/10/12; dav4jvm; okhttp/4.11.0) Android/13","version":"27.1.3.2",
"exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException",
"Message":"Token is too short for a generated token, should be the password during basic auth","Code":0,
"Trace":[{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken",
"class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":782,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":352,"function":"validateToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":452,"function":"login","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":114,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php","line":103,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":232,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":139,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":179,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":135,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:PROPFIND",[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Server.php","line":365,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/remote.php","line":172,"args":["/volume1/web/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],
"File":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php","Line":155,
"message":"Session token is invalid because it does not exist","user":"Username","exception":[],
"CustomMessage":"Session token is invalid because it does not exist"},
When using the Nextcloud Files app, the following errors then each appear in the log (excerpt):
Nextcloud-android/3.26.0
Login failed: 'Username' (Remote IP: '2003:**********')
"url":"/ocs/v2.php/cloud/user?format=json",
"message":"Session token is invalid because it does not exist",
"userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"27.1.3.2",
"exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException",
"Message":"Token does not exist: token does not exist","Code":0,
"Trace":[{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken",
"class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":782,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":352,"function":"validateToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":452,"function":"login","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":580,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/base.php","line":1150,"function":"tryBasicAuthLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***","*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/ocs/v1.php","line":61,"function":"handleLogin","class":"OC","type":"::","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/ocs/v2.php","line":23,"args":["/volume1/web/nextcloud/ocs/v1.php"],"function":"require_once"}],
"File":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php","Line":163,"Previous":{"Exception":"OCP\\AppFramework\\Db\\DoesNotExistException",
"Message":"token does not exist","Code":0,
"Trace":[{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php","line":172,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenMapper","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":528,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":438,"function":"isTokenPassword","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":580,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/base.php","line":1150,"function":"tryBasicAuthLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***","*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/ocs/v1.php","line":61,"function":"handleLogin","class":"OC","type":"::","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/ocs/v2.php","line":23,"args":["/volume1/web/nextcloud/ocs/v1.php"],"function":"require_once"}],
"File":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenMapper.php","Line":89},
"message":"Session token is invalid because it does not exist","user":"Username","exception":[],
"CustomMessage":"Session token is invalid because it does not exist"},
Essentially, the following messages keep popping up:
“Token is too short for a generated token, should be the password during basic auth”
“Session token is invalid because it does not exist”