Failed to obtain access token - How to identify the connection name

Get Help
,
1

We are seeing ‘Failed to obtain access token’ and we have a number of connections configured for Azure AD (EntraID). The log message only gives you the client ID. Is there a way to use the clientID in the log to locate which connection it relates to?

3

Hi @peter.cowen,

Welcome to the Auth0 Community!

Please allow me some time to investigate the matter and I will be back with more pieces of information as soon as possible.

Thank you,
Remus

4

Thank you, If there isn’t. do you know if you can map the connection name into the log as the field is there but empty.

5

Hello @peter.cowen,

Welcome to the Auth0 Community!

For events such as “seacft”, “slo”, “sapi”, “seccft”, “feacft”, or “api_limit”, which I believe should be the case here as well, the connection_id is expected to be missing in all scenarios, and this log field is not configurable.

There is currently an internal item in our backlog about this, so what I would suggest is to create a Product Feedback to try and speed things up, since our product team is closely monitoring this category and others might be interested as well, so by receiving multiple votes the feature might be implemented rather sooner than later.

I totally understand your need for the connection_id there, since it makes monitoring and troubleshooting a lot easier. As a workaround, you can locate the connection_id either by:

  1. Correlating by Timestamp - Note the exact Timestamp and the User_id, go to Auth0 Dashboard > Logs and you can put a window of around 1-minute around that timestamp and filter for the user, so you can find another log, such as an "s" ( successful login ) that should populate the connection_id as well of the transation.

  2. Checking the Client ID
    a) If you have a manageable number of Azure AD connections you can manually check the cliend ID within your connections
    b) Use the GET /v2/connections from the Management API with the query parameter strategy=waad to list all of your Azure AD connections and locate the matching connection with by using searching for the client ID in the options.client_id object.

I hope this helps and if you have further inquiries into the matter please don’t hesitate to ask.
Thank you and kind regards,
Remus