
Triaging/understanding Auth0 errors #277

Closed
jamieparkinson opened this issue Mar 24, 2022 · 3 comments
Labels: 🐛 Bug Something isn't working

jamieparkinson commented Mar 24, 2022

We are seeing intermittent errors from Auth0 which we don't immediately understand; this issue is an attempt to understand them and triage them. It may be that some of them are "expected" in which case we should try to filter them out from the alerting service.

  • Missing required parameter: response_type
    Type: f
    Full error:
      {
        "message": "Missing required parameter: response_type",
        "oauthError": "invalid_request",
        "type": "request-error"
      }
  • You may have pressed the back button...
    Type: f
    Full error:
      {
        "message": "You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn't find your session. Try logging in again from the application and if the problem persists please contact the administrator.",
        "oauthError": "access_denied",
        "type": "oauth-authorization"
      }
  • Unknown or invalid refresh token.
    Type: fertft
    Note: This comes from the identity webapp - investigate there.
  • Unsuccessful Refresh Token exchange, reused refresh token detected
    Type: ferrt
    Note: This comes from the identity webapp - investigate there.
  • Invalid authorization code
    Type: feacft
    Note: This comes from the identity webapp - investigate there.
@jamieparkinson jamieparkinson self-assigned this Mar 24, 2022
@jamieparkinson jamieparkinson added the 🐛 Bug Something isn't working label Mar 24, 2022
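
One way to turn the triage decisions recorded in this issue into an alert filter, as an added example that is not part of issue #277 or the project's own code. The event shape is an assumption: `type` carries the Auth0 log type code listed above, `description` the human-readable message, and `details.error` the "Full error" payload where the issue quotes one. Events the issue did not resolve (the missing `response_type` error) still go to Slack; the rule set only encodes what the comments actually decided.

```javascript
// Added example (not part of issue #277 or the project's own code): a triage
// filter that applies the decisions recorded in this issue to Auth0 log events.
// Event shape is an assumption: `type` = Auth0 log type code, `description` =
// message text, `details.error` = the "Full error" payload when present.

// Decisions: "suppress" = expected failure, do not alert;
//            "route"    = belongs to another service's alerting;
//            "alert"    = unexplained, send to the Slack alerting channel.
const RULES = [
  {
    name: "lost-login-session",
    match: (e) =>
      e.type === "f" && /pressed the back button/i.test(e.description || ""),
    decision: "suppress",
    reason: "user lost the login session; marked won't/can't fix in the issue",
  },
  {
    name: "token-exchange-failure",
    match: (e) => ["fertft", "ferrt", "feacft"].includes(e.type),
    decision: "route",
    reason: "token exchange failures originate from the identity webapp",
    target: "identity-webapp", // assumed routing label, not an Auth0 value
  },
];

function triage(event) {
  for (const rule of RULES) {
    if (rule.match(event)) {
      return {
        rule: rule.name,
        decision: rule.decision,
        reason: rule.reason,
        target: rule.target || null,
      };
    }
  }
  // Anything without a recorded decision still pages the team.
  return { rule: null, decision: "alert", reason: "unclassified Auth0 error", target: "slack" };
}

// Summarise a batch: count per decision and collect what still needs attention.
function triageBatch(events) {
  const summary = { suppress: 0, route: 0, alert: 0, pending: [] };
  for (const event of events) {
    const result = triage(event);
    summary[result.decision] += 1;
    if (result.decision === "alert") {
      summary.pending.push({ type: event.type, description: event.description });
    }
  }
  return summary;
}

// Constructed sample events, modelled on the errors listed in the issue.
const SAMPLE_EVENTS = [
  {
    type: "f",
    description: "Missing required parameter: response_type",
    details: { error: { oauthError: "invalid_request", type: "request-error" } },
  },
  {
    type: "f",
    description:
      "You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn't find your session.",
    details: { error: { oauthError: "access_denied", type: "oauth-authorization" } },
  },
  { type: "fertft", description: "Unknown or invalid refresh token." },
  { type: "ferrt", description: "Unsuccessful Refresh Token exchange, reused refresh token detected" },
  { type: "feacft", description: "Invalid authorization code" },
];

console.log(triageBatch(SAMPLE_EVENTS));
```

Running the block prints one suppressed event, three routed to the identity webapp, and one left pending for Slack; adding a new rule means appending to `RULES` with the issue reference in its `reason`, so the filter documents why each error is silenced.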

jamieparkinson commented Mar 24, 2022

You may have pressed the back button...

I can see no evidence that this comes from our applications - my best guess is that either the error description is completely correct and this is an "expected" failure mode, or that an external provider has misconfigured something to do with OpenAthens.

There are some posts in the Auth0 forum that suggest setting application default login URLs as a mitigation - this has been done.

Status: won't/can't fix
Action: filter this out from the Slack alerting

jamieparkinson commented

Refresh token errors

It seems plausible that these are both being caused by refresh token reuse detection. The maintainer of the Auth0 Next.js SDK suggests that refresh token rotation should be disabled, or at least that the leeway (reuse interval) should be increased: auth0/nextjs-auth0#498 (comment)

Status: continuing to monitor
Action: Increase leeway to 120s as a first mitigation. If we continue to see the error, consider disabling RTR.

jamieparkinson commented

Closing for now, watching for more errors
