Skip to content

Operations Playbook: Authentication Failures

Trigger Conditions

  • login failures/spikes
  • MFA loops or unexpected challenges
  • session/auth redirect loops

Response Workflow

  1. Validate host and CSRF settings.
  2. Check auth/middleware behavior.
  3. Inspect app logs and auth rate-limits.
  4. Re-run system checks.
  5. Validate account flow endpoints.
docker compose run --rm app python manage.py check
docker compose logs -f app

Recovery Validation

  • login flow stable for valid users
  • MFA flow completes correctly
  • no repeated auth errors in logs
Common misconfiguration

DJANGO_ALLOWED_HOSTS and CSRF origin mismatches often cause environment-specific login failures.