We ran across:
{
"date": "2026-06-11T05:50:14.771Z",
"type": "flo",
"description": "invalid signature: the signature value ...== is incorrect",
"connection_id": "",
"client_id": "...",
"client_name": "...",
"ip": "...",
"user_agent": "Edge 149.0.0 / Windows 10.0.0",
"details": {
"allowed_logout_url": []
},
"hostname": "...",
"user_id": "",
"user_name": "",
"location_info": {
...
},
"$event_schema": {
"version": "1.0.0"
},
"environment_name": "prod-us-1",
"log_id": "90020260611055014807412000000000000001223372175632636094",
"tenant_name": "...",
"_id": "90020260611055014807412000000000000001223372175632636094",
"isMobile": false,
"id": "90020260611055014807412000000000000001223372175632636094"
}
There were a couple of other old posts about invalid signatures, but they didn’t say much. I’m leaving this here mostly so others can see it’s a thing.
As this is logout as opposed to login, I don’t think this is an attacker sending random garbage (it’s a real user; and they’re using our frontend which uses GitHub - auth0/auth0.js: Auth0 headless browser sdk · GitHub to manage things).