Auth0 API returns 400 with HTML error page after token refresh

Hello All,

We have been facing a peculiar issue with the Auth0 API and the Auth0 team is very persistent that this is not a problem coming from their end. This is what happens:

  1. We make a request to any Auth0 API endpoint (doesn't matter which one it is) with an expired access token and we get a 401 back.
  2. We call the /oauth/token endpoint to get a new access token.
  3. We repeat the call to the original endpoint we wanted to call and we get the following 400 error back:

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

These are the response headers:
Content-Length:[155],Cf-Ray:[-],Server:[cloudflare],Date:[Sun, 28 May 2023 14:50:38 GMT],Content-Type:[text/html]

The endpoint response is HTML, not JSON, and the response header is missing a Cf-Ray ID. If we retry the same request after a few seconds, it succeeds with a 2xx JSON response. We believe this HTML error is originating from some cache inside Auth0's infrastructure. We don't have any Cloudflare layer between our API client and Auth0, so it cannot be originating from our side. But Auth0 support is not very helpful and they are adamant that this is not coming from their side.

At this point, we don't have an option other than to assume this 400 HTML will be returned and retry. But we thought it could be useful to ask the community if anyone else is facing the same issue. Could someone write to us if you have seen something similar?

Thanks and have a nice day!

2 Likes

I’ve seen this error happen occasionally in our logs as a response we receive from Auth0’s management API! It’s rare and seems possibly related to a Management API Access Token being incorrect or expired, but I’m not sure.

Did you ever figure out what was going on? It’s confusing to receive a response from Auth0 that isn’t JSON-encoded and doesn’t explain the actual problem. We also do not have a Cloudflare layer, so this seems to be originating from Auth0.
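The retry workaround described in the first post, as an added example that is not part of the thread and not Auth0's own code: it retries only the HTML 400, passes JSON errors and 401s straight back to the caller, and keeps the Cf-Ray and Date of each failed attempt for a support ticket. The names `send`, `is_edge_html_400` and `call_with_retry` are hypothetical, and the sample response is constructed from the body and headers quoted above.

```python
import json
import time

# Constructed sample matching the response in the post (body shortened).
EDGE_400 = (400,
            {"Content-Type": "text/html", "Server": "cloudflare", "Cf-Ray": "-"},
            "<html>\n<head><title>400 Bad Request</title></head>\n</html>")


def is_edge_html_400(status, headers, body):
    """True only for a 400 whose body is HTML rather than the API's JSON."""
    if status != 400:
        return False
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if not ctype.lower().startswith("text/html"):
        return False
    try:
        json.loads(body)
    except ValueError:
        return True   # not JSON: did not come from the API's error handler
    return False      # JSON body: a real API error, surface it


def call_with_retry(send, max_attempts=4, base_delay=1.0, sleep=time.sleep):
    """Call send() -> (status, headers, body); retry only the HTML 400.

    Returns (response, events). events holds status, Cf-Ray and Date per
    failed attempt for a support ticket; request headers and tokens are
    never recorded.
    """
    events = []
    for attempt in range(max_attempts):
        status, headers, body = response = send()
        if not is_edge_html_400(status, headers, body):
            return response, events           # success, 401, JSON 400, ...
        h = {k.lower(): v for k, v in headers.items()}
        events.append({"attempt": attempt + 1, "status": status,
                       "cf_ray": h.get("cf-ray", ""), "date": h.get("date", "")})
        if attempt + 1 < max_attempts:
            sleep(base_delay * 2 ** attempt)  # 1s, 2s, 4s: bounded backoff
    return response, events                   # still failing: give up, report
```

Because the retry wraps only the resource call, a transient HTML 400 does not trigger another round trip to /oauth/token.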