Hi everyone,
I’m using Auth0 as the authentication layer for an application built with the ChatGPT Apps SDK. Everything works correctly when I use my personal Auth0 tenant, but I encounter a consistent issue when using my company’s Auth0 tenant.
Problem Description
When the OAuth flow is initiated from my app:
- The user is redirected to Auth0.
- They enter their username and password.
- After successful authentication, instead of returning to the app, the browser is redirected to:
chatgpt.com/connector_platform_oauth_redirect?error=server_error&error_description=Internal+error&state=oauth_s_691c9a9817c88191a280e93965e37dd2
However:
- This issue only occurs on the first login attempt for a new or existing user.
- If the same user tries logging in again immediately afterward, the login succeeds.
- If the user chooses Sign Up instead of Sign In, the error does not occur at all.
- The exact same configuration works perfectly on my personal Auth0 tenant, so the client setup itself seems valid.
Auth0 Logs
On the company tenant, I see an Internal error in the Auth0 logs for the failing login. Here is the raw log entry (anonymized where appropriate). Unfortunately, it does not reveal the root cause:
{
  "date": "2025-11-18T16:11:39.684Z",
  "type": "f",
  "description": "Internal error",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_9UcxragsycRyhPie",
  "client_id": "XXXX_XXX",
  "client_name": "ChatGPT",
  "ip": "167.103.88.187",
  "user_agent": "Chrome 142.0.0 / Mac OS X 10.15.7",
  "details": {
    "body": {},
    "qs": {
      "state": "****************************Z3Bu"
    },
    "connection": "Username-Password-Authentication",
    "error": {
      "message": "Internal error",
      "oauthError": "Internal error",
      "type": "server_error",
      "uri": null
    },
    "session_id": "etAMe1j047Z2iyAGHcdsBEUFRCMwY02D",
    "riskAssessment": {
      "confidence": "high",
      "version": "1",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "not_found_on_deny_list"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "partial_match",
          "details": {
            "device": "unknown",
            "useragent": "known"
          }
        },
        "ImpossibleTravel": {
          "confidence": "high",
          "code": "minimal_travel_from_last_login"
        },
        "PhoneNumber": {
          "confidence": "neutral",
          "code": "phone_number_not_provided"
        }
      }
    },
    "actions": {
      "executions": [
        "ZTIFtPlmhc5Kl6aeGEo5DWAKMjAyNTExMThGmky8gl9DfY--ltxEPEO8"
      ]
    },
    "stats": {
      "loginsCount": 18
    }
  },
  "hostname": "XXXX_XXX",
  "user_id": "auth0|6916cb85ab8fd0701235ddff",
  "user_name": "XXXX_XXX",
  "strategy": "auth0",
  "strategy_type": "database",
  "audience": "XXXX_XXX",
  "scope": [
    "openid",
    "profile"
  ],
  "environment_name": "XXXX_XXX",
  "tenant_name": "XXXX_XXX"
}
Summary
- Only the first login fails with a server_error.
- Subsequent logins succeed.
- Sign-up flow succeeds.
- Works fine on my personal Auth0 tenant.
- Logs show Internal error but no details.
What I’m Looking For
Has anyone seen this pattern before — first-login-only internal errors in Auth0?
Are there known tenant-wide configurations (Actions, Rules, Attack Protection policies, first-login flows, org membership, advanced user profile handling, etc.) that could cause a transient internal error that only occurs on initial login?
Any guidance or next steps for debugging this would be greatly appreciated.
Thanks!
