502 Bad Gateway on login due to unhandled expired refresh token causing HTTP 400 error

[ksarabi-sp]

Steps to Reproduce

When logging into Prowler UI using username/password, if the refresh token expires or becomes invalid, the UI backend throws an unhandled error on HTTP 400 during token refresh. This results in a 502 Bad Gateway error visible in the browser.
Steps to reproduce:

Login normally to Prowler UI.

Wait for the refresh token to expire (or manually expire it).

Try to perform an action or reload the UI.

The browser shows a 502 Bad Gateway error.

Observed behavior:

Backend logs show repeated errors like:

lua
Copy
Edit
Error refreshing access token: HTTP error! status: 400
Nginx returns 502 to the browser on /sign-in POST or token refresh requests.

The user must clear cookies or open an incognito window to workaround.

Expected behavior

The ui should gracefully handle expired/invalid refresh tokens without throwing.

The session should be invalidated and user redirected to login screen automatically.

No 502 errors should appear.

Actual Result with Screenshots or Logs

Error refreshing access token: Error: HTTP error! status: 400
at d (/app/.next/server/chunks/6769.js:1:11922)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async i_ (/app/.next/server/chunks/1194.js:369:45691)
at async iT (/app/.next/server/chunks/1194.js:369:51994)
at async iC (/app/.next/server/chunks/1194.js:369:56536)
at async /app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:38411
at async e_.execute (/app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:27880)
at async e_.handle (/app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:39943)
at async doRender (/app/node_modules/next/dist/server/base-server.js:1366:42)
at async cacheEntry.responseCache.get.routeKind (/app/node_modules/next/dist/server/base-server.js:1588:28)

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

4. EKS

OS used

1. Amzon Linux 2

Prowler version

latest

Pip version

25.1.1

Context

In the NextAuth session callback, check for this error and expire the session to force logout:

[danibarranqueroo]

Hi @ksarabi-sp,

Thanks a lot for reporting this issue and for using Prowler! I’ll discuss it with the team to confirm whether this behavior is expected or not, and we’ll work on getting it fixed as soon as possible.

We appreciate your feedback 🚀

[everythings-gonna-be-alright]

Yep, login with username\password from UI doesn't work. Frontend returns 502 error.
But api calls work perfectly fine.

[danibarranqueroo]

Hi @everythings-gonna-be-alright!
Thanks for confirming!
We were already aware that the issue was UI-related and the team is working on fixing it, but we appreciate you taking the time to verify it. Good to know the API calls are working fine.

[tiagoasousa]

hi, any update on this? having the same issue

[pedrooot]

Hey @tiagoasousa the only update here from the Prowler team:
Sometimes (why? we have to investigate it) the request to refresh the token fails, and the session is lost. At that point, if you refresh the page, everything goes back to normal (or you get logged out, depending on how long the session had been active), but the refresh has to be done manually.

We'll investigate more on this when we get a chance. I'll keep you updated in this issue. Thanks!

[everythings-gonna-be-alright]

Update about my case.
The problem was the too-big response header from upstream on the Kubernetes Nginx ingress side. I fixed that by adding the nginx.ingress.kubernetes.io/proxy-buffer-size: 16k annotation to the ingress.

[jfagoagas]

Hello @tiagoasousa, please try this with the latest version of Prowler and let us know if you're still facing the issue. Thanks!