We are experiencing sporadic but frequent refresh token operation errors on our Native apps with the following error:
{
"date": "2022-10-04T04:26:36.684Z",
"type": "fertft",
"description": "Unknown or invalid refresh token.",
"connection_id": "",
"client_id": "yqCJv8j8EBj8FuoSbu8gAns8Xdvw0Ug2",
"client_name": "DogeCard-New",
"ip": "2603:9000:9904:c40c:ddb4:4e2d:e43e:56d6",
"user_agent": "DogeCard 253.0.0 / Other 0.0.0",
"hostname": "dogeking.us.auth0.com",
"user_id": "",
"user_name": "",
"auth0_client": {
"env": {
"iOS": "16.0",
"swift": "5.x"
},
"name": "Auth0.swift",
"version": "2.3.1"
},
"log_id": "90020221004042639738407548500311660805002715132145434706",
"_id": "90020221004042639738407548500311660805002715132145434706",
"isMobile": false,
"id": "90020221004042639738407548500311660805002715132145434706"
}
I suspect that the refresh token is somehow getting revoked from our management API. We are mostly updating user metadata from the management API. Is there a way to track if a user’s session was revoked? Is there a per-user log that tracks the status of their refresh token validity?
What could cause the user session to be revoked? (except directly revoking it).
FYI our application has disabled expiration on refresh tokens and token rotation.