I am opening this topic because my users are experiencing login issues with my app due to the refresh token exchange.
The logs indicate the error mentioned in the topic title, but I can’t fully understand when it occurs.
I was able to reproduce it locally a few times, but I can’t track down a clear solution or prevention method.
In my application, Allow Refresh Token Rotation (2592000s) and Maximum Refresh Token lifetime (31557600s) are enabled.
I’ve now set both to 900s to see if the problem persists, but I’m uncertain whether this will resolve it.
Thank you for posting your question. The error "Token could not be decoded or is missing in DB" is related to the "Unsuccessful Refresh Token exchange, reused refresh token detected" event. If your app is reusing a token, Auth0 detects this and invalidates the whole refresh token family, so you can no longer use that token. Any subsequent use of that same token will result in the "Token could not be decoded or is missing in DB" error message. I would guide you to check the logic behind refresh token usage as, based on the logs, that’s where the issue could be.
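As an added illustration (not part of the thread and not Auth0's code), the following Python simulates the behaviour described in the reply above: each login gets a refresh token family with exactly one live token; exchanging it rotates to a new one; presenting an already-exchanged token is treated as reuse and kills the whole family, so even the newest token fails afterwards. It also shows one common way an app ends up presenting the same token twice (two callers both read the stored token before either refresh completes) and a client that serialises refreshes so that cannot happen. Class names, token format, the in-memory store and the lock are assumptions for the example; the error string simply mirrors the one in the topic title.

```python
"""Simulation of refresh-token rotation with reuse detection (constructed example)."""
import secrets
import threading
from dataclasses import dataclass, field

# Mirrors the message from the thread title; the real message is Auth0's, this string is ours.
REUSE_ERROR = "Token could not be decoded or is missing in DB"


class RefreshTokenReused(Exception):
    """Raised when a refresh token that is unknown, retired or in a revoked family is presented."""


@dataclass
class _Family:
    current: str               # the only refresh token in this family that is still valid
    revoked: bool = False      # set once reuse is detected; nothing in the family works afterwards
    seen: set = field(default_factory=set)  # every token ever minted for this family


class RotatingRefreshTokenStore:
    """Authorization-server side (hypothetical): one family per login, one live token per family."""

    def __init__(self):
        self._families: dict[str, _Family] = {}
        self._token_to_family: dict[str, str] = {}
        self._lock = threading.Lock()

    def issue_family(self) -> str:
        """Simulates the initial login: creates a family and returns its first refresh token."""
        with self._lock:
            family_id = secrets.token_hex(4)
            token = self._mint(family_id)
            self._families[family_id] = _Family(current=token, seen={token})
            return token

    def exchange(self, refresh_token: str) -> str:
        """Rotates: returns a new refresh token and retires the presented one.

        A retired token is treated as reuse: the family is revoked and every
        later exchange with any token from that family fails as well.
        """
        with self._lock:
            family_id = self._token_to_family.get(refresh_token)
            if family_id is None:                      # never issued by us
                raise RefreshTokenReused(REUSE_ERROR)
            fam = self._families[family_id]
            if fam.revoked or refresh_token != fam.current:
                fam.revoked = True                     # reuse detected: burn the whole family
                raise RefreshTokenReused(REUSE_ERROR)
            new_token = self._mint(family_id)
            fam.current = new_token
            fam.seen.add(new_token)
            return new_token

    def _mint(self, family_id: str) -> str:
        token = secrets.token_urlsafe(16)
        self._token_to_family[token] = family_id
        return token


class NaiveClient:
    """App side: stores the refresh token and exchanges it whenever any caller asks."""

    def __init__(self, server: RotatingRefreshTokenStore, refresh_token: str):
        self.server, self.refresh_token = server, refresh_token

    def refresh(self) -> str:
        new = self.server.exchange(self.refresh_token)  # concurrent callers read the same old token
        self.refresh_token = new
        return new


class SingleFlightClient(NaiveClient):
    """Serialises refreshes so one token is never sent to the server twice."""

    def __init__(self, server: RotatingRefreshTokenStore, refresh_token: str):
        super().__init__(server, refresh_token)
        self._lock = threading.Lock()

    def refresh(self) -> str:
        with self._lock:                    # the second caller sees the already-rotated token
            return super().refresh()


def reuse_after_rotation(server: RotatingRefreshTokenStore) -> list:
    """Two callers hold the same token (e.g. two tabs) and both exchange it.

    Returns the outcome of the duplicate exchange and of using the fresh token afterwards.
    """
    t0 = server.issue_family()
    t1 = server.exchange(t0)                # first refresh succeeds and rotates to t1
    outcomes = []
    for token in (t0, t1):                  # t0 again: reuse; t1: dead because the family is revoked
        try:
            server.exchange(token)
            outcomes.append("ok")
        except RefreshTokenReused as exc:
            outcomes.append(str(exc))
    return outcomes


def concurrent_refreshes(client_cls, n: int = 8) -> int:
    """Fires n simultaneous refreshes through one client; returns how many hit reuse detection."""
    server = RotatingRefreshTokenStore()
    client = client_cls(server, server.issue_family())
    failures = []

    def worker():
        try:
            client.refresh()
        except RefreshTokenReused:
            failures.append(1)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(failures)
```

Running `reuse_after_rotation` shows why the error looks confusing in logs: the token that actually fails may be a perfectly fresh one, because the earlier duplicate exchange already revoked its family. `concurrent_refreshes(SingleFlightClient)` completes with no failures, whereas the naive client only stays healthy as long as no two callers happen to read the stored token before the first refresh writes back the new one.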
Thank you for the response. It was very helpful in better understanding the token rotation mechanism, which I hadn’t realized was not directly linked to the Refresh Token Expiration. Additionally, I was facing client-side management issues
We just started seeing a large number of these recently, but we haven’t made any configuration changes. Has there been a recent change in how these are handled, @dawid.matuszczyk?