Overview
This article explains the cause of fertft events with the description:
Token could not be decoded or is missing in DB
Applies To
- fertft events
- Refresh Token Exchange
Cause
The error “Token could not be decoded or is missing in DB” occurs because the Refresh Token (RT) is no longer valid or available in the database. Common reasons for this include:
- Reused: The RT was part of a token family invalidated due to reuse. An application attempting to reuse a rotating RT causes the entire RT family’s invalidation, potentially logging an error like "Reused rotating refresh token detected, revoked the family". The Auth0 database then deletes the token. Subsequent use of this RT triggers this error because the token no longer exists or is invalid.
- Revoked: The RT was explicitly revoked. This action renders the RT invalid or leads to its removal from the database. Consequently, any subsequent attempt to use it causes this error.
- Expired: The RT reached its expiration based on its configured lifetime. Expired tokens are invalid. Attempting to use an expired RT results in this error, as such tokens are typically cleared or fail validation.
- Pruned: The system pruned the RT. This typically occurs when the limit of 200 active RTs per user per application is reached, causing the removal of older tokens. Using a pruned RT leads to this error because the token no longer exists.
Solution
The appropriate action depends on the cause of the RT issue:
- If the RT was reused: Modify the application logic to ensure RTs are not reused after they have been exchanged.
- If the RT expired or was revoked: The user must sign in again to the application to obtain a new RT.
- If the RT was pruned: Adjust the frequency of forced re-authentication in the application that generates numerous RTs. Reducing a high re-authentication rate can prevent the premature pruning of older RTs used by other applications.
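For the reuse case, the usual source of accidental reuse is several concurrent callers each sending the same rotating RT. The following is an added example, not code from Auth0 or from the original article: `FakeTokenEndpoint` is a constructed in-memory stand-in for a token endpoint with rotation and family revocation, and `RefreshClient` is a hypothetical wrapper that makes sure each RT is exchanged at most once.

```python
import threading

class InvalidGrant(Exception):
    """Stand-in for the token endpoint rejecting a refresh token."""

class FakeTokenEndpoint:
    """Constructed in-memory model of rotation with reuse detection (assumption)."""
    def __init__(self):
        self._active = {}   # live refresh token -> family id
        self._used = {}     # already exchanged token -> family id
        self._n = 0
        self._lock = threading.Lock()

    def issue(self, family):
        self._n += 1
        rt = f"rt-{family}-{self._n}"
        self._active[rt] = family
        return rt

    def exchange(self, rt):
        with self._lock:
            if rt in self._used:  # reuse detected: delete the whole family
                fam = self._used[rt]
                self._active = {t: f for t, f in self._active.items() if f != fam}
                raise InvalidGrant("Reused rotating refresh token detected, revoked the family")
            if rt not in self._active:  # deleted, revoked, expired or pruned
                raise InvalidGrant("Token could not be decoded or is missing in DB")
            fam = self._active.pop(rt)
            self._used[rt] = fam
            return self.issue(fam)

class RefreshClient:
    """Exchanges each rotating RT at most once, even with concurrent callers."""
    def __init__(self, endpoint, rt):
        self._endpoint, self._rt = endpoint, rt
        self._lock = threading.Lock()

    def current(self):
        return self._rt

    def refresh(self, seen_rt):
        # seen_rt is the RT the caller held when its access token was rejected.
        with self._lock:
            if seen_rt != self._rt:  # another caller already rotated it
                return self._rt      # hand back the new RT, do not resend the old one
            self._rt = self._endpoint.exchange(seen_rt)
            return self._rt
```

In a real application the stored RT must also be persisted before the lock is released, so a restart does not bring back the already exchanged token.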