{auth0}/tokeninfo 504 Gateway Time-out

rokos · March 9, 2020, 11:49am

Hello,
we are getting 504 Gateway Time-out for /tokeninfo endpoint when providing invalid token. For any valid token it works fine, but once the token expires or is invalid any other way (mangled etc.) it fails on 504.

Thank you,
Tomáš

jmangelo · March 9, 2020, 4:07pm

It’s technically possible for that endpoint to return a 404 in some tenants; this is because this is a legacy endpoint and as such some (newer) tenant no longer have access to it.

However, the 404 would be a consistent behavior; I just tested this on an older tenant and I’m unable to reproduce.

With a valid ID token I get the expected response and once the token expires I get a 401. Can you share a cURL command (redact the token part) that represents the HTTP request you’re performing?

rokos · March 10, 2020, 8:06am

Hello @jmangelo! Thank you for response. While preparing the curl sample I find out that the behavior is pretty strange. When I simply do curl https://spaceknow-test.auth0.com/tokeninfo?id_token=mandled it properly returns Unathorized. However if I use token with three parts it hangs for a minute and I got HTML with Gateway timeout. I played with that and if I completely remove the third (sign) portion it again works fine. I am OK to send you in some direct message the token for more digging.
It’s part of our i9n tests and the failure started on Saturday March 6th. If that might help your digging.
BTW: I am aware that this is legacy end point so I am also trying to understand how urgent is to upgrade our Auth0 usage.
Thank you, Tomáš

jmangelo · March 11, 2020, 3:59pm

That’s interesting; from what you shared it may be that it is the overall ID token length is somehow influencing the outcome.

Can you check the ID token length in terms of total characters and share here? Also, can you try the use of an HTTP POST to that endpoint as mentioned at (Authentication API Explorer) instead of a GET request?

With the POST the ID Token would be sent in the request body (JSON) so it would also be a relevant test to perform.

rokos · March 11, 2020, 4:53pm

Thank you for your suggestion, about the POST and payload, it’s strange, but it works also with query parameters. When using POST and payload I got the same result. The token size is 292 characters