You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are seeing intermittent errors from Auth0 which we don't immediately understand; this issue is an attempt to understand them and triage them. It may be that some of them are "expected" in which case we should try to filter them out from the alerting service.
Missing required parameter: response_type Type:f Full error:
You may have pressed the back button... Type:f Full error:
{
"message": "You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn't find your session. Try logging in again from the application and if the problem persists please contact the administrator.",
"oauthError": "access_denied",
"type": "oauth-authorization"
}
Unknown or invalid refresh token. Type:fertft Note: This comes from the identity webapp - investigate there.
Unsuccessful Refresh Token exchange, reused refresh token detected Type:ferrt Note: This comes from the identity webapp - investigate there.
Invalid authorization code Type:feacft Note: This comes from the identity webapp - investigate there.
The text was updated successfully, but these errors were encountered:
I can see no evidence that this comes from our applications - my best guess is that either the error description is completely correct and this is an "expected" failure mode, or that an external provider has misconfigured something to do with OpenAthens.
There are some posts in the Auth0 forum that suggest setting application default login URLs as a mitigation - this has been done.
Status: won't/can't fix Action: filter this out from the Slack alerting
It seems plausible that these are both being caused by refresh token reuse detection. The maintainer of the Auth0 Next.js SDK suggests that refresh token rotation should be disabled, or at least that the leeway (reuse interval) should be increased: auth0/nextjs-auth0#498 (comment)
Status: continuing to monitor Action: Increase leeway to 120s as a first mitigation. If we continue to see the error, consider disabling RTR.
We are seeing intermittent errors from Auth0 which we don't immediately understand; this issue is an attempt to understand them and triage them. It may be that some of them are "expected" in which case we should try to filter them out from the alerting service.
Missing required parameter: response_type
Type:
f
Full error:
You may have pressed the back button...
Type:
f
Full error:
Unknown or invalid refresh token.
Type:
fertft
Note: This comes from the identity webapp - investigate there.
Unsuccessful Refresh Token exchange, reused refresh token detected
Type:
ferrt
Note: This comes from the identity webapp - investigate there.
Invalid authorization code
Type:
feacft
Note: This comes from the identity webapp - investigate there.
The text was updated successfully, but these errors were encountered: