UK tenant service unavailable issue and Invalid response from extension discovery URL: 403

Hi

I’m getting issues when trying to log in with my Next.js app. I’m using the early access/beta UK tenant.

error - temporarily_unavailable: {"error":"temporarily_unavailable","error_description":"Invalid response from extension discovery URL: 403: {\"code\":403,\"message\":\"rejecting request with JWT token signed with untrusted key\",\"req_id\":\"1680164284831.347112\"}"}
    at /Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/rest-facade/src/Client.js:402:25
    at Request.callback (/Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/index.js:943:3)
    at /Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/index.js:1165:20
    at IncomingMessage.<anonymous> (/Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/parsers/json.js:22:7)
    at IncomingMessage.emit (node:events:539:35)
    at IncomingMessage.emit (node:domain:537:15)
    at endReadableNT (node:internal/streams/readable:1345:12)
    at processTicksAndRejections (node:internal/process/task_queues:83:21) {
  statusCode: 503,
  requestInfo: { method: 'post', url: 'https://cwsc.uk.auth0.com/oauth/token' },
  originalError: Error: Service Unavailable
      at Request.callback (/Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/index.js:921:17)
      at /Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/index.js:1165:20
      at IncomingMessage.<anonymous> (/Users/benjefferies/source/github/CotswoldWaterSkiClub/cwsc/app/node_modules/superagent/lib/node/parsers/json.js:22:7)
      at IncomingMessage.emit (node:events:539:35)
      at IncomingMessage.emit (node:domain:537:15)
      at endReadableNT (node:internal/streams/readable:1345:12)
      at processTicksAndRejections (node:internal/process/task_queues:83:21) {
    status: 503,
    response: Response {
      _events: [Object: null prototype] {},
      _eventsCount: 0,
      _maxListeners: undefined,
      res: [IncomingMessage],
      request: [Request],
      req: [ClientRequest],
      text: '{"error":"temporarily_unavailable","error_description":"Invalid response from extension discovery URL: 403: {\\"code\\":403,\\"message\\":\\"rejecting request with JWT token signed with untrusted key\\",\\"req_id\\":\\"1680164284831.347112\\"}"}',
      files: undefined,
      buffered: true,
      headers: [Object],
      header: [Object],
      statusCode: 503,
      status: 503,
      statusType: 5,
      info: false,
      ok: false,
      redirect: false,
      clientError: false,
      serverError: true,
      error: [Error],
      created: false,
      accepted: false,
      noContent: false,
      badRequest: false,
      unauthorized: false,
      notAcceptable: false,
      forbidden: false,
      notFound: false,
      unprocessableEntity: false,
      type: 'application/json',
      links: {},
      setEncoding: [Function: bound ],
      redirects: [],
      _body: [Object],
      pipe: [Function (anonymous)],
      [Symbol(kCapture)]: false
    }
  },
  page: '/'
}

I’m also getting the same error if I do a client credentials token request:

curl -v --request POST \
  --url https://cwsc.uk.auth0.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"<redacted>","client_secret":"<redacted>","audience":"https://fees.cotswoldski.co.uk","grant_type":"client_credentials"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 104.18.31.128:443...
* Connected to cwsc.uk.auth0.com (104.18.31.128) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.guardian.uk.auth0.com
*  start date: Feb  1 20:55:32 2023 GMT
*  expire date: May  2 20:55:31 2023 GMT
*  subjectAltName: host "cwsc.uk.auth0.com" matched cert's "*.uk.auth0.com"
*  issuer: C=US; O=Let's Encrypt; CN=E1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x154012000)
> POST /oauth/token HTTP/2
> Host: cwsc.uk.auth0.com
> user-agent: curl/7.79.1
> accept: */*
> content-type: application/json
> content-length: 209
> 
* We are completely uploaded and fine
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 503 
< date: Thu, 30 Mar 2023 08:29:40 GMT
< content-type: application/json
< content-length: 234
< cf-ray: 7afefc755b80dd6f-LHR
< cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
< set-cookie: <redacted>; Max-Age=31557600; Path=/; Expires=Fri, 29 Mar 2024 14:29:40 GMT; HttpOnly; Secure; SameSite=None
< strict-transport-security: max-age=15724800; includeSubDomains
< vary: Origin
< cf-cache-status: DYNAMIC
< ot-baggage-auth0-request-id: 7afefc755b80dd6f
< ot-tracer-sampled: true
< ot-tracer-spanid: 0fe2b29f7b904ab2
< ot-tracer-traceid: 6d92352d2cd9b186
< set-cookie: <redacted>; Max-Age=31557600; Path=/; Expires=Fri, 29 Mar 2024 14:29:40 GMT; HttpOnly; Secure
< traceparent: 00-00000000000000006d92352d2cd9b186-0fe2b29f7b904ab2-01
< tracestate: auth0-request-id=7afefc755b80dd6f,auth0=true
< x-auth0-requestid: a9acfe55dae86f92d220
< x-content-type-options: nosniff
< x-ratelimit-limit: 300
< x-ratelimit-remaining: 299
< x-ratelimit-reset: 1680164981
< server: cloudflare
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
< 
* Connection #0 to host cwsc.uk.auth0.com left intact
{"error":"temporarily_unavailable","error_description":"Invalid response from extension discovery URL: 403: {\"code\":403,\"message\":\"rejecting request with JWT token signed with untrusted key\",\"req_id\":\"1680164980127.15967\"}"}

I haven’t changed the configuration of my tenant since it was last working. Have I misconfigured something previously, or am I experiencing some issue with the UK tenant?


Seems like it was related to Invalid response code from the auth0-sandbox: HTTP 403

Is it working for you now?

Yeah it’s working for me now

Perfect! Glad to hear that!