Error "EAC: Verify ID token (invalid client: 8)" – Causes and Quick Solutions

1) EAC error “Verify ID token (invalid client: 8)”

The error stems from the fact that Easy Anti-Cheat's authentication token verification fails. Players are kicked out when attempting to connect. This often occurs when the third-party authentication service is unavailable (for example, due to an ISP infrastructure issue) or there is a root certificate or network issue on the server.

What I do step by step

1. I'm enabling a temporary bypass (until third-party services are stable and restored):

    // server.cfg или через консоль сервера server.encryption 1 server.anticheattoken 0 Important: // server.cfg или через консоль сервера server.encryption 1 server.anticheattoken 0

   This reduces the level of EAC verification. Once external services stabilize, I return server.anticheattoken 1 .

2. I check the OS certificates on the dedicated server/VDS (outdated root certificates, such as Amazon Trust, are often the culprit). I update the certificate chain and restart the OS/services.
3. I check the network/firewall : ports and outgoing connections for EAC should be allowed, no transparent proxy that can break TLS.
4. I keep the server and EAC up to date : I update the game server to the latest build.

When to return the anticheattoken

 server.anticheattoken 1

2) Error “attempted to read past the end of the buffstream”

This error means the game is trying to read more data than was actually received. Simply put, a packet/buffer is broken somewhere, or the data format doesn't match the expected one. In practice, the causes are as follows:

• Client/server or mod versions do not match, data format is broken.
• Corrupted server files (map/save/DB) or client.
• The server plugin returned incorrect data (serialization/protocol error).
• Network problems: traffic interruptions or "cuts".

What works for me

1. Synchronizing versions : I'm updating the server to the latest version, and asking players to verify the integrity of their Steam files.
2. Test without plugins : I temporarily disable uMod/Oxide plugins and check if the error goes away. Then I enable them one by one to find the culprit.
3. I check the server's integrity : saves, maps, local databases. If there are any signs of damage, I roll back/recreate them.
4. Network : I check the MTU, the absence of DPI/proxy, and the channel stability. I restart host nodes/routes if necessary.

If "buffstream" started appearing after server.anticheattoken 0 , I check plugins that rely on network communication/server RPCs: sometimes they can scale up a problem that was previously hidden.

3) Brief table: symptoms → cause → what to do

4) Checklist for admins (briefly)

• OS certificates are up to date (root chains are installed).
• Ports and outgoing connections for EAC/TLS are not cut by the firewall/proxy.
• The server has been updated to the latest version of Rust (and EAC).
• If you need to let players in now - server.encryption 1 + server.anticheattoken 0 (temporarily!).
• After third-party services stabilize, return server.anticheattoken 1 .
• For "buffstream" - check versions, integrity, plugins (one at a time), saves/maps, network.

5) FAQ

Is it possible to always keep server.anticheattoken 0 ?
I don't do that. It's a temporary measure to save the online experience while the root problem is being fixed. Then I'll reinstate token verification.

Where can I check the status of third-party services?
Providers usually have public status pages. If the problem is widespread, it quickly surfaces on social media and in community reports.

How do I know if a plugin is to blame?
I disable all plugins → check. If everything works fine, I enable them one by one and see when the bug returns.