Postmortem: Logto auth service outage
On June 12, 2025, Logto services on `logto.app` were briefly disrupted by a Cloudflare outage affecting request routing. The issue was resolved quickly, with no impact on data security or core services.
Founder
Incident summary
Between 18:07 and 18:58 UTC on June 12, 2025, users accessing Logto services via the logto.app domain (including custom domains) experienced errors. The disruption was due to an outage in Cloudflare Workers KV, which impacted our routing layer. Logto Cloud services and Logto Console, which use direct DNS resolution and do not depend on Cloudflare Workers, were not affected. Service was restored within an hour, with no impact on data security.
Timeline (UTC)
- 18:07: Logto auth service APIs began returning 500 errors for requests via
logto.app. - 18:24: Investigation confirmed the Azure backend was healthy, and the issue was isolated to Cloudflare Workers and KV.
- 18:48: Cloudflare officially acknowledged an incident affecting Workers and KV.
- 18:58: We deployed a temporary workaround by removing the caching logic, which restored service with possible minor performance degradation.
- 21:00: After Cloudflare services stabilized, we redeployed the cache logic with a graceful fallback. Full performance was restored and the service is now resilient to similar KV outages.
Root cause
This incident was triggered by downtime in Cloudflare Workers KV. Our Cloudflare Worker routes requests to the correct Logto region for each tenant or domain to ensure proper data residency and compliance. To improve performance, the Worker uses KV to cache these region mappings. When KV became unavailable, cache operations failed and the Worker threw errors instead of falling back to a no-cache behavior, causing service disruption.
%3btext-align:center%3b%7d%23mermaid-0 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-0 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-0 .cluster text%7bfill:%23333%3b%7d%23mermaid-0 .cluster span%7bcolor:%23333%3b%7d%23mermaid-0 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-0 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-0 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-0 .icon-shape%2c%23mermaid-0 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-0 .icon-shape p%2c%23mermaid-0 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-0 .icon-shape rect%2c%23mermaid-0 .image-shape rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-0_flowchart-v2-pointEnd'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 0 L 10 5 L 0 10 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='4.5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-0_flowchart-v2-pointStart'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 5 L 10 10 L 10 0 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='11' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-0_flowchart-v2-circleEnd'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='-1' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-0_flowchart-v2-circleStart'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='12' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-0_flowchart-v2-crossEnd'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='-1' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-0_flowchart-v2-crossStart'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'%3e%3cpath marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_User_Worker_0' d='M247.672%2c71L251.839%2c71C256.005%2c71%2c264.339%2c71%2c272.005%2c71C279.672%2c71%2c286.672%2c71%2c290.172%2c71L293.672%2c71'/%3e%3cpath marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_Worker_KV_1' d='M484.2%2c44L498.43%2c39.833C512.66%2c35.667%2c541.119%2c27.333%2c568.562%2c24.254C596.004%2c21.174%2c622.431%2c23.348%2c635.644%2c24.435L648.857%2c25.522'/%3e%3cpath marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_KV_Worker_2' d='M652.844%2c55.587L638.966%2c58.156C625.089%2c60.725%2c597.333%2c65.862%2c570.245%2c68.431C543.156%2c71%2c516.734%2c71%2c503.523%2c71L490.313%2c71'/%3e%3cpath marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_Worker_LogtoRegion_3' d='M462.504%2c98L480.35%2c104.833C498.196%2c111.667%2c533.887%2c125.333%2c566.99%2c132.167C600.094%2c139%2c630.609%2c139%2c645.867%2c139L661.125%2c139'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg class='edgeLabel'%3e%3cg transform='translate(0%2c 0)' class='label'%3e%3cforeignObject height='0' width='0'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg transform='translate(0%2c 0)' class='label'%3e%3cforeignObject height='0' width='0'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(569.578125%2c 71)' class='edgeLabel'%3e%3cg transform='translate(-58.265625%2c -12)' class='label'%3e%3cforeignObject height='24' width='116.53125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eRegion mapping%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg transform='translate(0%2c 0)' class='label'%3e%3cforeignObject height='0' width='0'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg transform='translate(127.8359375%2c 71)' id='flowchart-User-0' class='node default'%3e%3crect height='54' width='239.671875' y='-27' x='-119.8359375' style='' class='basic label-container'/%3e%3cg transform='translate(-89.8359375%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='179.671875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eUser request to logto.app%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(391.9921875%2c 71)' id='flowchart-Worker-1' class='node default'%3e%3crect height='54' width='188.640625' y='-27' x='-94.3203125' style='' class='basic label-container'/%3e%3cg transform='translate(-64.3203125%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='128.640625'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eCloudflare Worker%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(764.0625%2c 35)' id='flowchart-KV-3' class='node default'%3e%3crect height='54' width='222.4375' y='-27' x='-111.21875' style='' class='basic label-container'/%3e%3cg transform='translate(-81.21875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='162.4375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eCloudflare Workers KV%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(764.0625%2c 139)' id='flowchart-LogtoRegion-7' class='node default'%3e%3crect height='54' width='197.875' y='-27' x='-98.9375' style='' class='basic label-container'/%3e%3cg transform='translate(-68.9375%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='137.875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eTarget Logto region%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Logto Cloud services and Logto Console were not affected because they rely on direct DNS resolution and do not use Cloudflare Workers for routing.
Resolution and improvements
- Removed the caching dependency from the Worker, restoring service.
- After Cloudflare KV recovered, redeployed the cache logic with a graceful fallback. If the cache is unavailable, service continues using direct routing without disruption.
- Ongoing improvements to infrastructure to further increase resilience and availability.
Impact
- Users accessing Logto via
logto.appexperienced errors for about 50 minutes. - No customer data was lost or compromised.
- Logto Cloud services and Logto Console remained fully operational.
Next steps
- We will review and improve our error handling in edge infrastructure.
- We will explore using multiple vendors for upstream infrastructure to avoid single points of failure.
Thank you for your patience and support.