Invalid_refresh_token HTTP 401 Errors

Over the weekend we began having authentication issues on our Auth0 Native application. This solution has been working for several years, so something has changed, but we haven’t been able to put our finger on it.

We are using an older version of the Auth0Client.cs C# library to integrate Auth0 into our application. When we attempt to call GetDelegateToken, we get an invalid_refresh_token failure with an HTTP 401 error. I should add that the Login code path works fine and will return what looks like a valid refresh token. However, using that refresh token does not appear to work correctly.

Is there someone that could help us with where to look for what may have changed?

Hi @eric2,

Thanks for taking the time to report this. We are looking into a possible incident and I will update this thread as soon as I have more information.

Hey Eric,

Could you please check if you’re using the /delegate endpoint in your application? We are investigating an issue that could be causing this error for you:

https://status.auth0.com/incidents/2kwm6ljh8gdl

It looks like we’re using the /delegation endpoint.

Could you please check now, Eric? We are monitoring the fix and would like to confirm it’s all good now. Thank you!

Still have the same failure here. Thanks for your prompt attention though. We appreciate it.

Are you able to upgrade to the latest version of the library and try again?

Unfortunately, the library that we are using is fairly out of date as it was done prior to having any kind of C# sample code directly from Auth0. I’m happy to share what we’re using if that would be helpful.

https://pastebin.com/G9wKWW9r

Yeah, this complicates things 🙁

In most cases, we are unable to effectively troubleshoot outdated libraries, especially if the difference goes beyond minor updates within the same major version. So this would be the first step I’d ask you to take when you can.

If possible, please try spinning off this Quickstart and use it with your tenant:

It’s also worth a shot to try using /delegation in Postman/Insomnia to see if it works with your tenant:

https://auth0.com/docs/api/authentication#delegation

I don’t mind migrating, but we’d much prefer to do that with a functional production system. Right now we have thousands of users that are unable to authenticate as a result of some kind of change on the backend that we were not aware would affect us.

If there is any way that we can get that running so we are not in the middle of a service outage, we can take our time to get the migration right and test it appropriately before rolling to a different library.

FWIW, I have never used Postman before, but attempting to go there through the API Explorer ends with an error and a button to return to workspaces (which never finishes once clicked).

I was able to download and run the .NET WPF/WinForms example (our largest code base is in C# WPF). This failed with an error about HS256. Changing the live production setting (!!!) to RS256 temporarily allowed the sample app to complete authentication without the error.

This proved the sample is working as designed.

I then added another button to test the delegation endpoint. See the handlers for the button here: https://pastebin.com/HEhpMtKn. Note that I also had to modify the client initialization to include Scope = "openid offline_access";. This appears to give me a good result.

HOWEVER, our application is currently targeting the .NET 4 Client Profile. The sample would not run with the NuGet package unless it was targeting .NET v4.6.2. That is a significant change that will require testing and a substantial change to our application.

Is there something that can be done to restore functionality other than us having to update our application?

I have reports from our support team and have confirmed here that our application is functioning once again. I have no idea whether those looking at this thread were the ones that made this happen, but THANK YOU! We greatly appreciate it.

We will definitely be migrating to the newer library soon, but not having to do it in a service-down situation is something for which we are thankful.

No worries here for you! Teamwork makes the dreamwork! 😃
