Code Room
On-callHard
Question
Your SaaS app uses a third-party identity provider (Auth0-style) for all social and SSO login. At 09:05 support reports a flood of 'can't log in' tickets. Dashboards: your login success rate dropped from 99% to 12%; the IdP's token endpoint is returning 500s and its JWKS endpoint is timing out. Existing logged-in sessions are unaffected. You shipped a config change to your IdP tenant 40 minutes ago that rotated a signing key. The IdP's public status page says 'all systems operational.' How do you triage and mitigate?
What a strong answer looks like
Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
Learn the concepts
Loading whiteboard…
Run or narrate your approach, then ask the coach.