Intermittent 401 on /oauth/ro "Authorization Extension: ETIMEDOUT"

Users are experiencing login failures (401 unauthorized) regularly. The response body from the /oauth/ro POST request contains:

{“error”:“unauthorized”,“error_description”:“Authorization Extension: ETIMEDOUT”}

The dashboard states the following “extensions” are installed for this application (I am not sure these are “Authorization Extensions”):

  • Auth0 Authorization
  • User Import / Export

What’s going on?

The source of that error is likely the Auth0 Authorization extension you installed, in particular, the issue is coming from the rule that can be automatically created by that extension. The rule performs an external call to the extension API and that call is not completing within the configured timeout. If I recall correctly the default timeout is five seconds so although you can still edit the rule to increase the timeout this will have an effect on authentication transactions and the timeout can’t also be increased without any limits because rules execution also needs to complete within a certain time frame so if you increase the request timeout you may hit an issue with rules.

Under normal circumstances the default timeout should be sufficient, however, if you went above certain thresholds in terms of amount of data being managed by the extension then the timeouts could be explained.

Where can I find more information on these “certain thresholds”?