Last Updated: Sep 4, 2024
Overview
The Auth0/oauth/token endpoint is used to perform Username-Password authentication (ROPG flow, /oauth/token endpoint with username and password to get a token/refresh token ). The first 10 attempts are successful, but after that, a 503 error appears. The x-ratelimit in the response header was checked, and it does not appear to have been exceeded.
This article details what could cause this issue and how to resolve it.
Applies To
- Cloudflare
- 503 Error
- Resource Owner Password Flow (ROPG)
Cause
A possible cause might be hitting some rate limit on the Cloudflare side.
As mentioned here:
- An “Error 503: Service Unavailable” with no Cloudflare in the message means you need to contact your hosting provider for assistance. It generally means your host is rate limiting requests to your site or that I’m Under Attack Mode has been enabled on the domain.
- An “Error 503: Service Temporarily Unavailable” with “Cloudflare” means you are hitting a connection limit in a Cloudflare data center. When this happens, please contact Cloudflare Customer Support. Include as many of the details mentioned in the Quick Fix Ideas as possible.
Solution
The solution is suggested here:
- When posting, please include the domain name, the time, and the timezone of the 503 error occurrence. Check the host logs prior to posting.
- When posting here, please include a traceroute between the origin and one of Cloudflare’s IP addresses, ideally one of the addresses that usually sends requests to the site. See how to run a traceroute test 506.
- If seeing a traffic surge or attack against the site, when posting in the Community, let us know if this is seen in the error logs from the host.
- Disable Always Online if it is enabled.