The pentesting agents share session state across multiple instances. To ensure this works correctly, apply the following settings in Auth0.
1. Open Application Settings
   Navigate to Applications → [Your Application] → Settings.

2. Disable Refresh Token Rotation
   Refresh token rotation issues a new refresh token on each token exchange. This interferes with the agents’ shared-session model and must be disabled.

3. Configure Refresh Token Lifetime
   Configure the refresh token lifetime to a sufficiently long duration (recommended: greater than 7200 seconds) to reduce the frequency of agent re-authentication during execution.
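
To confirm the settings above after saving them, the following check (an added example, not part of the original page or the product's own code) audits a client object as returned by the Auth0 Management API (`GET /api/v2/clients/{id}`). The `refresh_token` field names are those of the Management API client object; the function names and sample objects are constructed for illustration, and the inactivity-lifetime check goes beyond the steps above on the assumption that idle expiry would also force re-authentication.

```python
MIN_LIFETIME_S = 7200  # the page recommends a lifetime greater than 7200 seconds


def _lifetime_finding(rt, seconds_key, infinite_key, label):
    """Return a finding string for one lifetime setting, or None if it is acceptable."""
    if rt.get(infinite_key):
        return None  # never expires, so it cannot cut an agent run short
    seconds = rt.get(seconds_key)
    if not isinstance(seconds, int):
        return f"{label} ({seconds_key}) is not set; cannot verify"
    if seconds <= MIN_LIFETIME_S:
        return f"{label} ({seconds_key}) is {seconds}s; must be greater than {MIN_LIFETIME_S}s"
    return None


def audit_refresh_token_settings(client):
    """Return a list of findings; an empty list means the client matches the page."""
    rt = client.get("refresh_token")
    if not isinstance(rt, dict):
        return ["client has no refresh_token settings object; cannot verify"]
    findings = []
    rotation = rt.get("rotation_type")
    if rotation != "non-rotating":
        findings.append(f"rotation_type is {rotation!r}; rotation must be disabled")
    for seconds_key, infinite_key, label in (
        ("token_lifetime", "infinite_token_lifetime", "absolute lifetime"),
        ("idle_token_lifetime", "infinite_idle_token_lifetime", "inactivity lifetime"),
    ):
        finding = _lifetime_finding(rt, seconds_key, infinite_key, label)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample client objects (not real tenant data).
SAMPLE_OK = {"name": "agents", "refresh_token": {
    "rotation_type": "non-rotating", "expiration_type": "expiring",
    "token_lifetime": 86400, "infinite_token_lifetime": False,
    "idle_token_lifetime": 43200, "infinite_idle_token_lifetime": False}}
SAMPLE_BAD = {"name": "agents", "refresh_token": {
    "rotation_type": "rotating", "expiration_type": "expiring",
    "token_lifetime": 7200, "infinite_token_lifetime": False,
    "idle_token_lifetime": 1800, "infinite_idle_token_lifetime": False}}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(audit_refresh_token_settings(sample) or "settings match")
```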