Invalid token error in IntelliJ plugin

Update timeline

1. identified Mar 20, 2026, 12:40 PM UTC

   Users are experiencing issues when using the IntelliJ plugin, as it throws an Invalid token error during usage. This blocks expected functionality within the plugin.

2. identified Mar 20, 2026, 06:53 PM UTC

   We are continuing to work on a fix for this issue.

3. resolved Mar 24, 2026, 04:29 PM UTC

   The incident has been resolved and now the IntelliJ plugin is working correctly.

4. postmortem Mar 26, 2026, 04:14 PM UTC

   **Impact** At least one user encountered a "The token entered is invalid" error message when opening the IntelliJ plugin or adding a token. The issue started on UTC-5 25-11-12 14:13 and was reactively discovered 3.7 months \(TTD\) later by a customer who reported through our help desk [\[1\]](https://help.fluidattacks.com/agent/fluid4ttacks/fluid-attacks/tickets/details/944043000064180963) that the plugin remained unusable as vulnerabilities failed to load. The problem was resolved in 12 days \(TTF\), resulting in a total window of exposure of 4.1 months \(WOE\) [\[2\]](https://gitlab.com/fluidattacks/universe/-/work_items/21395). **Cause** The problem was caused by how the plugin handled large amounts of data and secure connections. The internal "engine" of the plugin was trying to perform too many tasks at once on a single pathway, causing it to freeze or "starve" for resources. Additionally, there was no set time limit for how long the plugin should wait for a response from the servers; if the server took too long to organize the data, the plugin would simply hang indefinitely. Because the plugin didn't provide any updates on what it was doing in the background, it eventually showed a generic "invalid token" error as a default failure message, even when the token itself was perfectly fine [\[3\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/88533). **Solution** We restructured the plugin's internal workflow to allow it to handle multiple tasks simultaneously without freezing the user interface. We also set a strict 30-second time limit for server requests to ensure the plugin doesn't get stuck waiting forever. To make the process faster, we changed how the plugin gathers information so it can ask for multiple pieces of data at the same time rather than one after another. Finally, we added clear status messages so users can see exactly what the plugin is doing while it loads, providing immediate feedback instead of a confusing error message [\[4\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/98189). **Conclusion** By improving how the plugin manages its internal tasks and communication with our servers, we have made the login and loading process more reliable. Users with large amounts of data can now access their information without the plugin freezing or showing misleading errors. We will continue to monitor the loading speeds to ensure the experience remains smooth as we add more features. **UNHANDLED\_EXCEPTION < MISSING\_TEST < INCOMPLETE\_PERSPECTIVE**