Shelf.io incident

Investigating: SSO login failures across regions

Critical Resolved View vendor source →

Shelf.io experienced a critical incident on September 10, 2025 affecting Authentication and Authentication and 1 more component, lasting 1h 57m. The incident has been resolved; the full update timeline is below.

Started
Sep 10, 2025, 02:38 PM UTC
Resolved
Sep 10, 2025, 04:35 PM UTC
Duration
1h 57m
Detected by Pingoru
Sep 10, 2025, 02:38 PM UTC

Affected components

AuthenticationAuthenticationAuthentication

Update timeline

  1. investigating Sep 10, 2025, 04:06 PM UTC

    Starting at 14:38 UTC, we observed a spike in SSO authentication failures. Affected users may be unable to sign in and see "access_denied (Unauthorized)" after returning from their IdP. We are actively investigating with our identity provider. Next update within 30 minutes.

  2. identified Sep 10, 2025, 04:26 PM UTC

    We have deployed a fix to our authentication flow at 16:15 UTC. Users should begin to see successful sign-ins resume across all regions. Please retry logging in; starting a new browser session (or incognito) may help clear a failed attempt. We’re closely monitoring error rates and will provide another update within 30 minutes.

  3. resolved Sep 10, 2025, 04:35 PM UTC

    SSO sign-ins have been restored. Between 14:38-16:27 UTC a configuration regression in our authentication layer caused the authorization code exchange to fail, resulting in "access_denied (Unauthorized)" after IdP login. We corrected the configuration and refreshed services; metrics show recovery across all regions.