# Auth0 Configuration

The pentesting agents share session state across multiple instances. To ensure this works correctly, apply the following settings in Auth0.

{% stepper %}
{% step %}
**Open Application Settings**

Navigate to Applications → \[Your Application] → Settings.

<figure><img src="/files/y5rcdQE1UU1I5F8tcQjT" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Disable Refresh Token Rotation**

[Refresh token rotation](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-13#section-4.12) issues a new refresh token on each token exchange and invalidates the previous one. Because the agents share session state across multiple instances, this interferes with their shared-session model, so rotation must be disabled.

<figure><img src="/files/L1mplUb3sXuVDFG1X2JR" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Configure Refresh Token Lifetime**

Set the refresh token lifetime to a sufficiently long duration (recommended: greater than 7200 seconds) so that agents need to re-authenticate less often during execution.

<figure><img src="/files/ij9QXL1o1d84EzggTgvy" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}
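
To confirm both settings without the dashboard, this added example (not part of the Aikido or Auth0 documentation) checks an application's JSON, as returned by the Auth0 Management API, against the requirements on this page. It assumes the `refresh_token` field names follow the Management API client object and that a non-expiring token satisfies the lifetime recommendation; the sample applications are constructed.

```python
MIN_LIFETIME_S = 7200  # this page recommends a lifetime greater than 7200 seconds


def check_refresh_token_settings(client: dict) -> list[str]:
    """Return findings for one application; an empty list means it matches this page."""
    rt = client.get("refresh_token")
    if not isinstance(rt, dict):
        return ["no refresh_token settings present on the application"]

    findings = []
    rotation = rt.get("rotation_type")
    if rotation != "non-rotating":
        findings.append(f"rotation_type is {rotation!r}, expected 'non-rotating'")

    # Absolute lifetime. Assumption: a token that never expires meets the recommendation.
    never_expires = rt.get("infinite_token_lifetime") or rt.get("expiration_type") == "non-expiring"
    if not never_expires:
        lifetime = rt.get("token_lifetime")
        if not isinstance(lifetime, int) or lifetime <= MIN_LIFETIME_S:
            findings.append(f"token_lifetime is {lifetime!r}, expected > {MIN_LIFETIME_S}")

    # An inactivity (idle) lifetime can end the session before the absolute lifetime does.
    if "idle_token_lifetime" in rt and not rt.get("infinite_idle_token_lifetime"):
        idle = rt["idle_token_lifetime"]
        if not isinstance(idle, int) or idle <= MIN_LIFETIME_S:
            findings.append(f"idle_token_lifetime is {idle!r}, expected > {MIN_LIFETIME_S}")
    return findings


# Constructed sample applications (not real tenant data).
GOOD_APP = {"name": "pentest-target", "refresh_token": {
    "rotation_type": "non-rotating", "expiration_type": "expiring",
    "token_lifetime": 86400, "infinite_token_lifetime": False,
    "idle_token_lifetime": 43200, "infinite_idle_token_lifetime": False}}
BAD_APP = {"name": "pentest-target", "refresh_token": {
    "rotation_type": "rotating", "expiration_type": "expiring",
    "token_lifetime": 3600, "infinite_token_lifetime": False,
    "idle_token_lifetime": 1800, "infinite_idle_token_lifetime": False}}

if __name__ == "__main__":
    for app in (GOOD_APP, BAD_APP):
        findings = check_refresh_token_settings(app)
        print(app["name"], "OK" if not findings else findings)
```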

