Hi
I’m getting issues when trying to login with my nextJS app. I’m using the early access/beta UK tenant.
error - temporarily_unavailable: {"error":"temporarily_unavailable","error_description":"Invalid response from extension discovery URL: 403: {\"code\":403,\"message\":\"rejecting request with JWT token signed with untrusted key\",\"req_id\":\"1680164284831.347112\"}"}
at /Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/rest-facade/src/Client.js:402:25
at Request.callback (/Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/index.js:943:3)
at /Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/index.js:1165:20
at IncomingMessage.<anonymous> (/Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/parsers/json.js:22:7)
at IncomingMessage.emit (node:events:539:35)
at IncomingMessage.emit (node:domain:537:15)
at endReadableNT (node:internal/streams/readable:1345:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
statusCode: 503,
requestInfo: { method: 'post', url: 'https://cwsc.uk.auth0.com/oauth/token' },
originalError: Error: Service Unavailable
at Request.callback (/Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/index.js:921:17)
at /Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/index.js:1165:20
at IncomingMessage.<anonymous> (/Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/parsers/json.js:22:7)
at IncomingMessage.emit (node:events:539:35)
at IncomingMessage.emit (node:domain:537:15)
at endReadableNT (node:internal/streams/readable:1345:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
status: 503,
response: Response {
_events: [Object: null prototype] {},
_eventsCount: 0,
_maxListeners: undefined,
res: [IncomingMessage],
request: [Request],
req: [ClientRequest],
text: '{"error":"temporarily_unavailable","error_description":"Invalid response from extension discovery URL: 403: {\\"code\\":403,\\"message\\":\\"rejecting request with JWT token signed with untrusted key\\",\\"req_id\\":\\"1680164284831.347112\\"}"}',
files: undefined,
buffered: true,
headers: [Object],
header: [Object],
statusCode: 503,
status: 503,
statusType: 5,
info: false,
ok: false,
redirect: false,
clientError: false,
serverError: true,
error: [Error],
created: false,
accepted: false,
noContent: false,
badRequest: false,
unauthorized: false,
notAcceptable: false,
forbidden: false,
notFound: false,
unprocessableEntity: false,
type: 'application/json',
links: {},
setEncoding: [Function: bound ],
redirects: [],
_body: [Object],
pipe: [Function (anonymous)],
[Symbol(kCapture)]: false
}
},
page: '/'
}
I’m also getting the same error if I do a client credentials token request
curl -v --request POST \
--url https://cwsc.uk.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"<redacted>","client_secret":"<redacted>","audience":"https://fees.cotswoldski.co.uk","grant_type":"client_credentials"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 104.18.31.128:443...
* Connected to cwsc.uk.auth0.com (104.18.31.128) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.guardian.uk.auth0.com
* start date: Feb 1 20:55:32 2023 GMT
* expire date: May 2 20:55:31 2023 GMT
* subjectAltName: host "cwsc.uk.auth0.com" matched cert's "*.uk.auth0.com"
* issuer: C=US; O=Let's Encrypt; CN=E1
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x154012000)
> POST /oauth/token HTTP/2
> Host: cwsc.uk.auth0.com
> user-agent: curl/7.79.1
> accept: */*
> content-type: application/json
> content-length: 209
>
* We are completely uploaded and fine
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 503
< date: Thu, 30 Mar 2023 08:29:40 GMT
< content-type: application/json
< content-length: 234
< cf-ray: 7afefc755b80dd6f-LHR
< cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
< set-cookie: <redacted>; Max-Age=31557600; Path=/; Expires=Fri, 29 Mar 2024 14:29:40 GMT; HttpOnly; Secure; SameSite=None
< strict-transport-security: max-age=15724800; includeSubDomains
< vary: Origin
< cf-cache-status: DYNAMIC
< ot-baggage-auth0-request-id: 7afefc755b80dd6f
< ot-tracer-sampled: true
< ot-tracer-spanid: 0fe2b29f7b904ab2
< ot-tracer-traceid: 6d92352d2cd9b186
< set-cookie: <redacted>; Max-Age=31557600; Path=/; Expires=Fri, 29 Mar 2024 14:29:40 GMT; HttpOnly; Secure
< traceparent: 00-00000000000000006d92352d2cd9b186-0fe2b29f7b904ab2-01
< tracestate: auth0-request-id=7afefc755b80dd6f,auth0=true
< x-auth0-requestid: a9acfe55dae86f92d220
< x-content-type-options: nosniff
< x-ratelimit-limit: 300
< x-ratelimit-remaining: 299
< x-ratelimit-reset: 1680164981
< server: cloudflare
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
* Connection #0 to host cwsc.uk.auth0.com left intact
{"error":"temporarily_unavailable","error_description":"Invalid response from extension discovery URL: 403: {\"code\":403,\"message\":\"rejecting request with JWT token signed with untrusted key\",\"req_id\":\"1680164980127.15967\"}"}
I haven’t change the configuration of my tenant since it was last working. Have I misconfigured something previously or am I experience some issue with the UK tenant?