Cannot login in production or staging environments

Hi there,

My backend stack is Serverless + Express + Typescript + Mongoose hosted on AWS Lambda
I’m using forest-express-mongoose 7.6.2
I followed all the steps required to migrate to v7, I generated a client_id, pushed my updated schema and everything looks good on local.
But in production it’s another story:
First, the /auth request returns a cors error:
{"errors":[{"status":400,"detail":"The redirect uri must be one of https://s4cb2w6ep5.execute-api.us-east-1.amazonaws.com/staging/forest/authentication/callback. Received \" https://s4cb2w6ep5.execute-api.us-east-1.amazonaws.com/staging/forest/authentication/callback\"","meta":{},"name":"InvalidRedirectUriError"}]}
So initially I thought my cors setup was wrong but everything seems ok.
Then I checked out my Cloudwatch logs and here it is:

[forest] 🌳🌳🌳  An error occured while computing the Forest schema. Your application schema cannot be synchronized with Forest. Your admin panel might not reflect your application models definition. EROFS: read-only file system, open '/var/task/.forestadmin-schema.json'
"stack": "Error: EROFS: read-only file system, open '/var/task/.forestadmin-schema.json'\n    at Object.openSync (fs.js:462:3)\n    at Object.writeFileSync (fs.js:1384:35)\n    at SchemaFileUpdater.update (/var/task/node_modules/forest-express/dist/services/schema-file-updater.js:118:15)\n    at generateAndSendSchema (/var/task/node_modules/forest-express/dist/index.js:196:37)\n    at _callee$ (/var/task/node_modules/forest-express/dist/index.js:355:13)\n    at tryCatch (/var/task/node_modules/regenerator-runtime/runtime.js:63:40)\n    at Generator.invoke [as _invoke] (/var/task/node_modules/regenerator-runtime/runtime.js:293:22)\n    at Generator.next (/var/task/node_modules/regenerator-runtime/runtime.js:118:21)\n    at asyncGeneratorStep (/var/task/node_modules/@babel/runtime/helpers/asyncToGenerator.js:3:24)\n    at _next (/var/task/node_modules/@babel/runtime/helpers/asyncToGenerator.js:25:9)"

Any idea how to fix that ?

Hello @benjaming,

When your Forest Admin agent starts, it generates the .forestadmin-schema.json file. We use it internally to represent your collections, and by default it is stored at the root of your project.

AWS Lambda seems to prevent writing it to the application directory (“read-only file system”).

You can change the directory used by adding a schemaDir option in the middlewares/forestadmin.js file of your code.

It could be:

```
module.exports = async function forestadmin(app) {
  app.use(await Liana.init({
    schemaDir: '/tmp/',
    ...
```

Another solution could be to include the .forestadmin-schema.json file within your lambda code.

Hope this helps.

Hum… thanks for your answer Guillaume.
Actually yes, I’m publishing the .forestadmin-schema.json along with the rest of the lambda but the Forest plugin is probably looking at the wrong folder.

By the way is this “schemaDir” a new option ?

Looks like the compiler is not recognizing this option yet…

It’s better: I don’t have the schema error anymore, but the cors issue is still present:

{"errors":[{"status":400,"detail":"The redirect uri must be one of https://s4cb2w6ep5.execute-api.us-east-1.amazonaws.com/staging/forest/authentication/callback. Received \" https://s4cb2w6ep5.execute-api.us-east-1.amazonaws.com/staging/forest/authentication/callback\"","meta":{},"name":"InvalidRedirectUriError"}]}

I don’t get why there’s an empty space char “%20” before my callback url:
https://api.forestadmin.com/oidc/auth?client_id=CLIENT_ID_STRING&scope=openid%20email%20profile&response_type=code&redirect_uri=%20https%3A%2F%2Fs4cb2w6ep5.execute-api.us-east-1.amazonaws.com%2Fstaging%2Fforest%2Fauthentication%2Fcallback&state=%7B%22renderingId%22%3A90920%7D ?

Hello @benjaming !
Yeah this space could be the problem here, can you check that your APPLICATION_URL doesn’t have a space ?

I’m sure there’s not as I requested the client ID directly from my command line like this:

```
curl \
     -H "Authorization: Bearer FOREST_STAGING_SECRET_KEY" \
     -X POST \
     -d '{"token_endpoint_auth_method": "none", "redirect_uris": ["https://s4cb2w6ep5.execute-api.us-east-1.amazonaws.com/staging/forest/authentication/callback"]}' \
     https://api.forestadmin.com/oidc/reg
```

Yeah but here you write the redirect_uri yourself, whereas inside your liana it’s built from the env variable

Indeed, there was an invisible space char on my Serverless dashboard :man_facepalming:

Thanks a lot for your help though !

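As an added example (not code from this thread or from Forest Admin): a cold-start check that surfaces a stray space or invisible character in APPLICATION_URL before the OIDC server rejects the resulting redirect_uri. It assumes the agent builds the callback as APPLICATION_URL followed by /forest/authentication/callback; `checkApplicationUrl`, `REGISTERED` and the example.test host are hypothetical names and constructed values.

```javascript
// Assumption: redirect_uri = APPLICATION_URL + CALLBACK_PATH (path taken from the thread).
const CALLBACK_PATH = '/forest/authentication/callback';

// \s covers spaces, tabs, newlines, NBSP and BOM; the rest are zero-width characters
// that survive copy/paste into a dashboard field and are invisible in most UIs.
const INVISIBLE = /[\s\u200B-\u200D\u2060]/g;

function describeChar(ch) {
  return 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
}

// Reports problems instead of silently trimming, so the bad setting gets fixed
// at its source. Note that `new URL(' https://...')` parses without error because
// the URL parser strips leading spaces, so parsing alone does not catch this.
function checkApplicationUrl(rawValue, registeredRedirectUris) {
  if (typeof rawValue !== 'string' || rawValue.length === 0) {
    return { ok: false, redirectUri: null, problems: ['APPLICATION_URL is not set'] };
  }
  const problems = [];
  for (const match of rawValue.matchAll(INVISIBLE)) {
    problems.push(`unexpected ${describeChar(match[0])} at index ${match.index}`);
  }
  // The OIDC server compares redirect_uri as an exact string, so do the same here.
  const redirectUri = rawValue + CALLBACK_PATH;
  if (!registeredRedirectUris.includes(redirectUri)) {
    problems.push(`redirect_uri ${JSON.stringify(redirectUri)} is not registered`);
  }
  return { ok: problems.length === 0, redirectUri, problems };
}

// Constructed sample data: the redirect URIs registered for this client_id.
const REGISTERED = ['https://api.example.test/staging/forest/authentication/callback'];

// Constructed inputs: one with the leading space from the thread, one clean.
for (const value of [' https://api.example.test/staging', 'https://api.example.test/staging']) {
  const result = checkApplicationUrl(value, REGISTERED);
  console.log(JSON.stringify(value), result.ok ? 'OK' : result.problems);
}

// At cold start, before initialising the agent:
//   const check = checkApplicationUrl(process.env.APPLICATION_URL, REGISTERED);
//   if (!check.ok) throw new Error('APPLICATION_URL: ' + check.problems.join('; '));
```

JSON.stringify is used in the messages so that a leading space shows up inside the quotes in CloudWatch output.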