Logins to v3 application (https://yousign.app) encountered a large number of errors (from 50 to 90% failure rate depending on the time) between 17:00 UTC+1 and 22:00 UTC+1 on Thursday, December 16th. Users, managers and administrators were still able to log in after several attempts and users with a session were not impacted. Signers were able to access and sign their documents during this.
Our v2 application (https://webapp.yousign.com) was almost not impacted because the technical implementation is different.
We use Auth0 as our identity provider to manage accounts and multiple authentication systems to our application.
Unfortunately, our provider experienced a first incident that started at 17:00 UTC+1 and escalated at 18:00 UTC+1. Our alert system warned us at 18:30 UTC+1 and Auth0 finally communicated about the incident exactly at 19:19 UTC+1 before backdating the first item. Their API endpoint /userinfo, called at each connection, was not responding correctly which led to an unanticipated behavior from us and the display of a white error page with the message "Authentication Required".
Auth0 finally fixed this first incident between 21:00 UTC+1 and 22:00 UTC+1 but a second incident occurred during this period. Their APIs were responding very slowly but it was still possible to login to our application by being patient.
Finally, the situation was resolved at 22:00 UTC+1 and the authentication system of v3 application was back fully functional.
During the incident, we notified our identity provider and monitored their communications in order to provide you as much information as possible on our status page.
We will be adding new log alerts in order to be able to communicate more quickly.
Finally, we will create a comprehensive error page to guide users.