User session getting revoked

We are experiencing sporadic but frequent refresh token operation errors on our Native apps with the following error:

{
  "date": "2022-10-04T04:26:36.684Z",
  "type": "fertft",
  "description": "Unknown or invalid refresh token.",
  "connection_id": "",
  "client_id": "yqCJv8j8EBj8FuoSbu8gAns8Xdvw0Ug2",
  "client_name": "DogeCard-New",
  "ip": "2603:9000:9904:c40c:ddb4:4e2d:e43e:56d6",
  "user_agent": "DogeCard 253.0.0 / Other 0.0.0",
  "hostname": "dogeking.us.auth0.com",
  "user_id": "",
  "user_name": "",
  "auth0_client": {
    "env": {
      "iOS": "16.0",
      "swift": "5.x"
    },
    "name": "Auth0.swift",
    "version": "2.3.1"
  },
  "log_id": "90020221004042639738407548500311660805002715132145434706",
  "_id": "90020221004042639738407548500311660805002715132145434706",
  "isMobile": false,
  "id": "90020221004042639738407548500311660805002715132145434706"
}

I suspect that the refresh token is somehow getting revoked from our management API. We are mostly updating user metadata from the management API. Is there a way to track if a user’s session was revoked? Is there a per-user log that tracks the status of their refresh token validity?

What could cause the user session to be revoked? (except directly revoking it).

FYI our application has disabled expiration on refresh tokens and token rotation.

2 Likes

I found this thread interesting: Silent Auth errors with Login Required after updating app_metadata via Management API - #6

Does updating the email in user metadata create issues? Is there documentation regarding this?

Do you have any updates on this? We facing the same issue.

Hi @antonios we have the same issue, do you have news about it?