Slack: https://redhat-internal.slack.com/archives/CB53T9ZHQ/p1712192294761459
2nd Slack: https://redhat-internal.slack.com/archives/CB53T9ZHQ/p1712957935295239?thread_ts=1712192294.761459&cid=CB53T9ZHQ

following snippets are copied from 1st thread:

 
Hello Team, IHAC try to create ROSA Cluster but failed to get the API token * Current Status:

• Unable to generate a token for creating a ROSA Cluster in AWS.

• Actions so Far :

• Verifying ROSA prerequisites

• all Green

• Follow KCS https://access.redhat.com/solutions/6068211, but not working.

• login/logout not working
• no remove button

• There was a bug awhile ago where some url with query parameters was causing this same symptom
• Try directly to: https://console.redhat.com/openshift/token/rosa/show no works too
• Collect the SSO token error payload and response
• Create a SNOW ticket for the RH IT User team to request checking the customer RH account “vineetha.kajuluri@cat.com” by sending email to it-user-request@redhat.com.

• Then was told the issue was belongs to OCM

========================

 
Hello.  I am a lead engineer on  the RH Advanced Cluster Management (RHACM) team, and we have functionality that makes use of RHOCM as a data source of clusters that a customer may want to import into RHACM to manage them.  I was recently referred to this thread by @Tyler Golden when I reached out to him re problems I was having getting OCM/ROSA offline tokens.  I have since found a resolution to my issue, and maybe my experience provides info on the issues discussed here.Last week, I set up a series of new RH accounts (in the prod environment) for use in testing our ACM functionality.  I had created accounts to act as org administrators vs. users.  After getting them set up, I found that I was unable to get OCM offline tokens for any of these new accounts.  The symptoms I saw matched what has been reported here, eg. the symptoms captured by @judzhu in his thread-originating post: * Attempt to get a token from the openshift/token endpoint yielded the not-really-helpful error about maybe having too many tokens already (which couldn't be true since this happened on first attempt to get offline tokens).

• Navigating to the suggested page to see/revoke the token, I found now revoke butting, which based on browsing other related Slack threads indicates these ids didn't really have tokens already (no surprise, they were new ids)
• Using browser developer tools on one of the load-token requests, I could see the  failed token requests with input payload included "code: undefined" as described above.
• Trying the suggested logging out workarounds, none worked for me.

So I think I was experiencing/reproducing everything reported here.Then, on one of the log out/re-login attempts, I guess I did something different.  Not sure what, exactly.  But when re-logging in under one of my new  RH accounts I was presented with a redirect to a page to accept the Enterprise Agreement, which I guess I had not previously did for that account.  And after doing the redirected agreement thing, the RH account I was using was then able to get an offline token.I managed to recreate this for each of the RH account ids I was having trouble with, and after having the Enterprise Agreement redirect accepted, each of my new RH accounts was able to get a OCM/ROSA offline token successfully the https://console.redhat.com/openshift/token endpoint.I thought I had captured the Enterprise Agreement page I was redirected to to be able to post it here for reference, but I now can't find my capture of it.  Sorry about that.I am now a happily unblocked user, but I thought it useful to capture my resolution here since my original symptoms so closely matched those being reported from customers etc.