502 Bad Gateway errors due to large response headers from Auth0

During the Auth0 token exchange process I am seeing 502 Bad Gateway errors triggered by Nginx as it attempts to proxy the response from Auth0 to my server.

The Nginx error log complains that the response header is too large:

upstream sent too big header while reading response header from upstream

The default proxy buffer limit in Nginx is between 32KB and 64KB, which should be plenty big for a response.

A few questions:

  1. Why might Auth0 create large response headers which are in excess of these limits?
  2. Does Auth0 recommend disabling response buffering completely?
  3. If not, what is the maximum possible response size and/or the recommended buffer size limit?

Thanks

Hi @irridium 👋

  1. The response header size will grow to accommodate the size of the SDK’s session cookie, which contains the ID and Access Tokens retrieved during the authentication process (so, the size of that cookie will scale up or down depending on what is included in those Tokens.)

    This is necessary because the SDK does not impose a backend storage mechanism. Everything needed is stored on the client.

  2. Disabling it completely shouldn’t be necessary. We do not have a recommendation there as that’s a very situational decision app-to-app.

  3. I can’t offer absolute values on that, as the SDK does not impose strict size constraints. It will scale dynamically to the size of the session data it needs to store. However, assigning an nginx config of large_client_header_buffers 4 16k usually covers most cases.
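
An added example (not part of the thread, and not Auth0 or nginx code) for sizing the buffers from a measured response: nginx must fit the whole upstream response header into the `proxy_buffer_size` buffer, which is the limit the error above reports, while `large_client_header_buffers` bounds each request header line, including the `Cookie` line the browser sends back afterwards. The response bytes and the `session.N` cookie names are constructed for illustration.

```python
import re

def parse_size(text):
    """Convert an nginx size value such as '8k' or '1m' to bytes."""
    m = re.fullmatch(r"(\d+)([kKmM]?)", text.strip())
    if not m:
        raise ValueError(f"bad nginx size: {text!r}")
    return int(m.group(1)) * {"": 1, "k": 1024, "m": 1024 ** 2}[m.group(2).lower()]

def split_head(raw):
    """Return (header block length in bytes, header lines after the status line)."""
    end = raw.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("header block is not terminated by a blank line")
    return end + 4, raw[:end].split(b"\r\n")[1:]

def cookie_line_bytes(lines):
    """Size of the single Cookie request line a browser sends back for these cookies."""
    pairs = [l.split(b":", 1)[1].split(b";", 1)[0].strip()
             for l in lines if l.lower().startswith(b"set-cookie:")]
    return len(b"Cookie: " + b"; ".join(pairs) + b"\r\n") if pairs else 0

def check(raw, proxy_buffer_size, client_header_buffer):
    """Compare measured header sizes with the two nginx limits involved."""
    head, lines = split_head(raw)
    cookie = cookie_line_bytes(lines)
    return {
        "response_header_bytes": head,
        "fits_proxy_buffer_size": head <= parse_size(proxy_buffer_size),
        "cookie_line_bytes": cookie,
        "fits_client_header_buffer": cookie <= parse_size(client_header_buffer),
    }

def sample_response(chunk_sizes):
    """Constructed input: a callback response with the session split across cookies."""
    out = b"HTTP/1.1 302 Found\r\nLocation: /\r\n"
    for i, n in enumerate(chunk_sizes):  # 'session.N' is a hypothetical cookie name
        out += b"Set-Cookie: session.%d=" % i + b"A" * n + b"; Path=/; HttpOnly; Secure\r\n"
    return out + b"\r\n"

if __name__ == "__main__":
    # Constructed session sizes: small, medium, and larger than both limits.
    for sizes in ([1500], [3800, 2200], [3800, 3800, 3800, 3800, 3000]):
        print(sizes, check(sample_response(sizes), "8k", "16k"))
```

Feed `check` the raw header bytes of a real callback response (for example saved with `curl -D`) and leave headroom above the measured sizes, since token contents vary per user.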