"Request to Webtask exceeded allowed execution time" error from `/authorize` endpoint or `/oauth/token` endpoint

Problem statement

Experiencing the following error message:

"Request to Webtask exceeded allowed execution time" from the /authorize endpoint or the /oauth/token endpoint" .

Explain the reason why this error may be encountered.

Symptoms

Webtask execution will fail due to the task exceeding the maximum permitted duration of 20 seconds.

This error will be thrown:

Request to Webtask exceeded allowed execution time

Cause

The “Request to Webtask exceeded allowed execution time” error means the webtask (e.g. rules/hooks/actions/custom DB scripts) cannot be completed within the execution limit, which is 20 seconds.

The possible causes for the webtask to timeout could be:

  1. Your webtask code not calling the callback() function
  2. Auth0 webtask platform is not responding
  3. Your webtask calling an external API and the external API timeout
  4. AWS/Azure cloud outage

Solution

Solutions will vary according to the source of the problem.

1) The webtask code is not calling callback() function

The webtask is completed by calling the callback() function. If the callback() is missing the webtask will keep running until the execution time runs out. This results in the “Request to Webtask exceeded allowed execution time” error thrown. If the webtask code has many if...else... statements, ensure that the callback() function is called at the end under every condition.

2) The Auth0 webtask platform is not responding

If the timeout is due to a temporary failure of the webtask platform, then multiple tenants will be impacted. If only a single tenant is impacted, this is unlikely to be the source of the problem.

3) External API timeout

If the code calls an external API service and this is either unavailable or slow to respond, it will result in the webtask timing out.

It is common practice to use a NPM package such as axios, superagent, request, to make the external API calls. These libraries support the timeout setting:

If the timeout setting is not manually selected, the default timeout of these libraries could be 60 seconds (e.g. ‘request’) or unlimited (e.g. axios). As a consequence, calls to an external API are expected to fail in conditions of non-availability or high network latency. This in turn will lead to the webtask exceeding the maximum permitted duration of 20 seconds.

In conditions where a series of external API calls are made, the impact of timeouts can be cumulative. For example, if the timeout setting is configured to be less than 20 seconds, perform an additional check to ensure that the total timeout settings do not exceed 20 seconds. Consider the case where 4 external API calls are made within a single Rule/Action, and each is configured with a timeout of 5 seconds. If the 4 API calls timed out in sequence, this would match or exceed the 20-second timeout for webtasks.

4) AWS/Azure cloud outage

This is a scenario under cause #3 (“External API timeout”) but neither Auth0 nor your external API service is responsible for the timeout, so this scenario is considered separately. The cloud infrastructure (e.g. AWS, Azure or GCP) network latency or outage could cause this error as well.

There are 2 cases to consider:

a) The cloud infrastructure that hosts the Auth0 webtask platform has an outage

In this case, multiple tenants will be affected within a specific Availability Zone. Check Auth0’s status page for the latest updates.

b) The cloud infrastructure that hosts the customer’s external API service has an outage

If a customer’s external API service is hosted on the cloud, they may experience the same type of issue that happens in case (a). Check the status page of the service to determine any outages or degradations of service.

Related References