Hi, I am successfully using Auth0 for the access token management for the API I created. For a few days a customer has been reporting problems to me related to refreshing the access token using the refresh token. Instead of returning the new access token, it returns 401 Unauthorized, while if you make the call through Postman everything works fine.
I have checked everywhere for the past 2 days, but still haven’t been able to fix the problem.
One of the IPs used is “136.143.190.43”; in particular, it is part of the American server farm of “Zoho CRM”.
Has anyone already encountered a similar problem?
I also changed an application from “Regular Web Application” to “Machine to Machine” and now I can’t restore the previous category anymore. Is it possible to do it somehow?
Hello,
Thanks for the reply.
I think it is not related to brute force protection as one of the first tests I carried out was to deactivate this protection.
Also, after re-enabling it, I whitelisted the entire affected subnet.
The main problem is that I don’t even get a connection log from addresses that are having trouble authenticating.
Yesterday I talked to the person affected by the problem and had their firewall system checked, so in the meantime I would say to keep this issue pending.
I’ll get back to you in case the firewall check fails.