"Token could not be decoded or is missing in DB"

tom27 · January 15, 2025, 5:29am

I recently updated auth0-spa-js. Since then a problem occurs with the following two symptoms.

Symptom 1: Calls to auth0.getTokenSilently() now seem to throw an exception some of the time (perhaps after 1 hour of inactivity?). I can mitigate this by catching the exception and calling auth0.loginWithRedirect().

Symptom 2: I see lots of “Token could not be decoded or is missing in DB” error logs in auth0 monitoring.

Refresh Token Exchange - fertft Events "Token could not be decoded or is missing in DB" indicates this is caused by reuse of a refresh token, which seems to be entirely handled in the library itself.

Is this a bug or am I doing something wrong?

Here’s the gist of how I’m using the lib.

authClient = new Auth0Client({
  clientId: CLIENT_ID,
  domain: DOMAIN,
  authorizationParams: {
    redirect_uri: redirectUri,
    audience: AUDIENCE
  },
  cacheLocation: "localstorage",
  useRefreshTokens: true,
});

authClient.checkSession()

// other code

function callAPI(endpoint, config = {}) {
  let token = undefined;
  try {
    token = await authClient.getTokenSilently();
  } catch (error) {
    console.error('Token retrieval failed:', error);
    await authClient.loginWithRedirect(); // <-- New to mitigate recent issue
  }

  // call some api endpoint with the token
}

rueben.tiow · January 15, 2025, 8:11pm

Hi @tom27,

Welcome to the Auth0 Community!

For the first symptom, the token is expiring in 1 hour because you have set your API’s Token Expiration and Token Expiration for Browser Flows to 1 hour (3600 seconds). This will cause you to see the Login Required error and require reauthentication to get a new valid access token. Please refer to our Change access_token Expiration Time knowledge article.

As for the second symptom, it seems to be happening because it failed to exchange a refresh token for an access token. In this situation, you must ensure you are not reusing your refresh tokens when you have refresh token rotation enabled. You must use a new refresh token that was issued after getting a new access token and refresh token. (Reference: Use Refresh Token Rotation)

Thanks,
Rueben

tom27 · January 15, 2025, 11:39pm

It looks like this code is where the API call for refresh tokens is happening. It also looks like it’s intended to be called multiple times concurrently. It has an optimization to avoid latency on a cache call, perhaps I’m running into that?

tom27 · January 29, 2025, 8:05pm

Still getting these “Token could not be decoded or is missing in DB”, some guidance would be great.

system · February 12, 2025, 8:05pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Token could not be decoded or is missing in DB JWT.io refresh-tokens , refresh_token	5	808	December 18, 2024
Timeout error on refreshToken Help management-api , users	2	75	November 29, 2024
Refresh unexpired token for SPA Help	8	3664	January 3, 2020
Regularly refresh Auth0 token in auth0-spa-js Help auth0-spa-js	0	1566	October 31, 2022
Timeouts and Refresh Tokens Help	4	4169	July 24, 2021

"Token could not be decoded or is missing in DB"

Related topics