Failed Silent Auth errors - 50X per minute

Hi, our production app logs show we are getting “Failed Silent Auth” errors 50+ times per minute. Anyone know what’s going on? I read some articles about how this can happen if you are using the Auth0 Test Google Developer Key, but we are not using social sign-on.

Cheers,

Hi @maxhodges,

Are you still seeing this? There should be more info in the log. Could you post an example log with any sensitive data removed?

How do I know what’s sensitive?

We are getting like 50+ errors every minute!

Hi @dan.woda, here is an example of one of the errors (I replaced anything that looked sensitive, if that stops you from being able to troubleshoot please let us know).

{
  "date": "2022-10-27T23:10:20.221Z",
  "type": "fsa",
  "description": "Login required",
  "client_id": "QzAysdTw8aSrxJ7eHAagkmfRQa1zRDa4",
  "client_name": "Our Website",
  "ip": "173.225.320.88",
  "user_agent": "Chrome 103.0.0 / Mac OS X 10.12.6",
  "details": {
    "body": {},
    "qs": {
      "client_id": "QzAysdTw8aSrxJ7eHAagkmfRQa1zRDa4",
      "audience": "app.ourwebsite.com",
      "redirect_uri": "https://app.ourwebsite.com/login",
      "scope": "openid profile email offline_access",
      "response_type": "code",
      "response_mode": "web_message",
      "state": "clBlakJjLkdmdEZxVzFZRmh+RjdzTW1aOPEIU2VaRGFhMlZ3WD6SUmJ2Ng==",
      "nonce": "cW43SDieu09DM0VmWVpCb1IUHGluNmRTZDNTdFZGb1BvelNGbnNvMptiuP==",
      "code_challenge": "xWbOJ7lEM8L8nNKfx4poOEIUDYW1xKDm5RneUzVei6w",
      "code_challenge_method": "S256",
      "prompt": "none",
      "auth0Client": "eyJuYW1lIjoiYXV0aDAtc3UiPOpzIiwidmVyc2lvbiI6IjEuMjIuOID9"
    },
    "connection": null,
    "error": {
      "message": "Login required",
      "oauthError": "login_required",
      "type": "oauth-authorization"
    },
    "riskAssessment": null
  },
  "hostname": "ourwebsite.us.auth0.com",
  "audience": "app.ourwebsite.com",
  "scope": [
    "openid",
    "profile",
    "email",
    "offline_access"
  ],
  "auth0_client": {
    "name": "auth0-spa-js",
    "version": "1.22.1"
  },
  "log_id": "90020221027231023320309716095044678167100918345888694306",
  "_id": "90020221027231023320309716095044678167100918345888694306",
  "isMobile": false,
  "id": "90020221027231023320309716095044678167100918345888694306"
}

@pablorocha,

Thanks for the additional data.

This error occurs when the existing session cannot be refreshed. There are a few different things that could be causing it.

Can you tell us more about your implementation? What SDK are you using? Could you please provide a snippet of your code too?

@dan.woda

Using "@auth0/auth0-spa-js": "^1.22.1"

Here is some of our code that calls auth0 functions. Maybe you can see some red flags. Let me know if you need something else:


// Methods of Auth0 Client that are overridden with custom logic.
const methods = {
  async isAuthenticated() {
    state.isLoggedIn = await client.isAuthenticated()
    return state.isLoggedIn
  },
  async forceRefreshToken() {
    try {
      return await client.getTokenSilently({ ignoreCache: true })
    } catch (error) {
      // eslint-disable-next-line no-console
      console.log(error)
      return client.logout()
    }
  },
  async checkSession() {
    await client.checkSession()

    if (!state.user && (await methods.isAuthenticated())) {
      await apolloOnLogin()

      const userLoaded = defer()

      const claims = await client.getIdTokenClaims()
      const customClaims = claims['https://ourapp.com'] || {}
      const impersonateAsId = customClaims['impersonate-as-id']
      const impersonateById = customClaims['impersonate-by-id']

      apolloClient
        .subscribe(
          impersonateAsId
            ? {
                query: CurrentUserImpersonated,
                variables: { impersonate_as_id: impersonateAsId },
              }
            : {
                query: CurrentUser,
                variables: { auth_id: claims.sub },
              }
        )
        .subscribe({
          next: async ({ data: { users } } = {}) => {
            const [user] = users as User[]
            if (!user) {
              if (userLoaded.status === 'pending') {
                userLoaded.reject('User not found')
              }

              return null
            }

            debugLog('Self user refresh', user)

            if (state.user && state.user.role !== user.role) {
              // Force reload token when role changes
              await methods.forceRefreshToken()
            }

            state.user = camelCaseObject(user) as User
            state.user.isStaff = isStaff(state.user)
            state.user.impersonatedById = impersonateById

            if (userLoaded.status === 'pending') {
              userLoaded.resolve(user)
            }
          },
          error: (error) => {
            if (userLoaded.status === 'pending') {
              userLoaded.reject(error)
            } else {
              // eslint-disable-next-line no-console
              console.error('subscription:error', error)
            }
          },
        })

      try {
        await userLoaded.promise
      } catch (error) {
        // eslint-disable-next-line no-console
        console.error('Could not get self user:', error)
      }
    }

    state.loading = false
    return state.user
  },
  async loginWithPopup(
    options?: PopupLoginOptions,
    config?: PopupConfigOptions
  ) {
    state.popupOpen = true

    try {
      await client.loginWithPopup(options, config)
      await methods.isAuthenticated()
      state.error = null
    } catch (error) {
      state.error = error
    } finally {
      state.popupOpen = false
    }
  },
  async handleRedirectCallback(url?: string) {
    state.loading = true
    try {
      await client.handleRedirectCallback(url)
      state.isLoggedIn = true
      state.error = null
    } catch (error) {
      state.error = error
    } finally {
      state.loading = false
    }
  },
  async logout(options: LogoutOptions | undefined) {
    await apolloOnLogout()
    client.logout(options)
  },
  getCachedSession() {
    return localStorage.getItem(SESSION_CACHE_KEY)
  },
  setSession(session: string) {
    return localStorage.setItem(SESSION_CACHE_KEY, session)
  },
}

Thanks for the added context. Here are a few more questions:

  • Does every user cause a failed silent auth error/s?
  • When you log in with a test user are you seeing these errors?

It may be helpful to provide a HAR file of the transaction (you can send it to me in a DM).

@dan.woda thank you for the follow up!

  • This does not happen with every user
  • I am not able to replicate with a test user

I sent the HAR file to you, although it was not generated when the issue occurs.

Can you match the IP of the failed silent auth requests to the request of a specific user?
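Added example, not part of the original thread and not Auth0's own tooling: one way to do the IP matching asked for above over exported tenant logs. It groups `fsa` events by IP, estimates the rate per IP, and lists the users seen logging in from the same address. The function name and the sample events are constructed, and it assumes successful events (`s`, `ssa`) carry a `user_id` field, which the `fsa` sample on this page does not show.

```javascript
// Added example; every event below is constructed sample data.
const ev = (type, time, ip, user_id) => ({
  type, ip, user_id,
  date: `2022-10-27T${time}.000Z`,
  user_agent: 'Chrome 103.0.0 / Mac OS X 10.12.6',
});
const sampleLogs = [
  ev('s', '23:00:00', '198.51.100.7', 'auth0|user-a'),
  ev('fsa', '23:10:00', '198.51.100.7'),
  ev('fsa', '23:10:20', '198.51.100.7'),
  ev('fsa', '23:10:40', '198.51.100.7'),
  ev('fsa', '23:12:00', '198.51.100.7'),
  ev('ssa', '23:05:00', '203.0.113.9', 'auth0|user-b'),
  ev('fsa', '23:11:00', '203.0.113.9'),
  ev('fsa', '23:10:05', '192.0.2.44'),
  ev('fsa', '23:10:35', '192.0.2.44'),
];

// Hypothetical helper: returns one row per IP that produced fsa events.
function correlateFailedSilentAuth(logs) {
  // IP -> user_ids seen on any event that identifies a user (assumed: s, ssa).
  const usersByIp = new Map();
  for (const e of logs) {
    if (!e.user_id) continue;
    if (!usersByIp.has(e.ip)) usersByIp.set(e.ip, new Set());
    usersByIp.get(e.ip).add(e.user_id);
  }
  // IP -> count, time window and user agents of its failed silent auths.
  const byIp = new Map();
  for (const e of logs) {
    if (e.type !== 'fsa') continue;
    const t = Date.parse(e.date);
    const row = byIp.get(e.ip) ||
      { ip: e.ip, count: 0, first: t, last: t, userAgents: new Set() };
    row.count += 1;
    row.first = Math.min(row.first, t);
    row.last = Math.max(row.last, t);
    row.userAgents.add(e.user_agent);
    byIp.set(e.ip, row);
  }
  return [...byIp.values()].map((r) => ({
    ip: r.ip,
    count: r.count,
    // Windows shorter than one minute are treated as one minute.
    perMinute: r.count / Math.max((r.last - r.first) / 60000, 1),
    userAgents: [...r.userAgents],
    users: [...(usersByIp.get(r.ip) || [])],
  })).sort((a, b) => b.count - a.count);
}

console.log(correlateFailedSilentAuth(sampleLogs));
```

An IP can be shared by several users (NAT, VPN), so a match is a lead to check against that user's browser session rather than proof of who generated the requests.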