Cannot login to Forest Admin from either environment

This is a template you can use to report issues. You can also drag images, videos and include Preformatted text

Expected behavior

I should be able to login to Forest Admin from both Production and DEVELOPMENT.

Actual behavior

I’m not able to login to Forest Admin from either Production or DEVELOPMENT.

Failure Logs

Production

0|server  | [forest] 🌳🌳🌳  Unable to register the client
0|server  | {
0|server  |   "configuration": {
0|server  |     "authorization_endpoint": "https://api.forestadmin.com/oidc/auth",
0|server  |     "device_authorization_endpoint": "https://api.forestadmin.com/oidc/device/auth",
0|server  |     "claims_parameter_supported": false,
0|server  |     "claims_supported": [
0|server  |       "sub",
0|server  |       "email",
0|server  |       "sid",
0|server  |       "auth_time",
0|server  |       "iss"
0|server  |     ],
0|server  |     "code_challenge_methods_supported": [
0|server  |       "S256"
0|server  |     ],
0|server  |     "end_session_endpoint": "https://api.forestadmin.com/oidc/session/end",
0|server  |     "grant_types_supported": [
0|server  |       "authorization_code",
0|server  |       "urn:ietf:params:oauth:grant-type:device_code"
0|server  |     ],
0|server  |     "id_token_signing_alg_values_supported": [
0|server  |       "HS256",
0|server  |       "RS256"
0|server  |     ],
0|server  |     "issuer": "https://api.forestadmin.com",
0|server  |     "jwks_uri": "https://api.forestadmin.com/oidc/jwks",
0|server  |     "registration_endpoint": "https://api.forestadmin.com/oidc/reg",
0|server  |     "response_modes_supported": [
0|server  |       "query"
0|server  |     ],
0|server  |     "response_types_supported": [
0|server  |       "code",
0|server  |       "none"
0|server  |     ],
0|server  |     "scopes_supported": [
0|server  |       "openid",
0|server  |       "email",
0|server  |       "profile"
0|server  |     ],
0|server  |     "subject_types_supported": [
0|server  |       "public"
0|server  |     ],
0|server  |     "token_endpoint_auth_methods_supported": [
0|server  |       "none"
0|server  |     ],
0|server  |     "token_endpoint_auth_signing_alg_values_supported": [],
0|server  |     "token_endpoint": "https://api.forestadmin.com/oidc/token",
0|server  |     "request_object_signing_alg_values_supported": [
0|server  |       "HS256",
0|server  |       "RS256"
0|server  |     ],
0|server  |     "request_parameter_supported": false,
0|server  |     "request_uri_parameter_supported": true,
0|server  |     "require_request_uri_registration": true,
0|server  |     "claim_types_supported": [
0|server  |       "normal"
0|server  |     ]
0|server  |   },
0|server  |   "registration": {
0|server  |     "redirect_uris": [
0|server  |       "autohound.gyroscopictestdev.xyz/forest/authentication/callback"
0|server  |     ],
0|server  |     "token_endpoint_auth_method": "none"
0|server  |   },
0|server  |   "error": {
0|server  |     "error": "invalid_redirect_uri",
0|server  |     "error_description": "Redirect uris must be an array of valid urls"
0|server  |   }
0|server  | }

Local:

Your application is listening on port 3310.
[forest] 🌳🌳🌳  An error occured while retrieving your IP whitelist. Your Forest envSecret seems to be missing or unknown. Can you check that you properly set your Forest envSecret in the Forest initializer?
{}
Your admin panel is available here: https://app.forestadmin.com/projects
[forest] 🌳🌳🌳  Cannot find the project related to the envSecret you configured. Can you check on Forest that you copied it properly in the Forest initialization?
{}

Context

Please provide any relevant information about your setup.

Dependencies in Forest Admin

    "bcrypt": "^5.0.1",
    "body-parser": "1.19.0",
    "chalk": "~1.1.3",
    "cookie-parser": "1.4.4",
    "cors": "2.8.5",
    "debug": "~4.0.1",
    "dotenv": "~6.1.0",
    "express": "~4.17.1",
    "express-jwt": "5.3.1",
    "forest-express-mongoose": "^7.6.0",
    "mongoose": "~5.8.2",
    "morgan": "1.9.1",
    "require-all": "^3.0.0"
  • Package Version: “0.0.1”
  • Express Version: “~4.17.1”
  • Forest Express Mongoose Version: “”
  • Sequelize Version:
  • Database Dialect: Mongoose
  • Database Version: Mongo v4.4.3
  • Project Name: “autohound”
    image
    image

Hi @Lean_Junio !
Can you share which call is failing on the application ?
And your environment variables ?

Hey Nicolas,

Is this what you’re talking about in terms of call?

> autohound@0.0.1 start
> node ./server.js

(node:616094) Warning: Accessing non-existent property 'count' of module exports inside circular dependency
(Use `node --trace-warnings ...` to show where the warning was created)
(node:616094) Warning: Accessing non-existent property 'findOne' of module exports inside circular dependency
(node:616094) Warning: Accessing non-existent property 'remove' of module exports inside circular dependency
(node:616094) Warning: Accessing non-existent property 'updateOne' of module exports inside circular dependency
Your application is listening on port 3310.
Your admin panel is available here: https://app.forestadmin.com/projects

As for the environment variables, are you talking about the ones in .env or the ones in the /etc/environments?

I’m talking aobut the call that fails in your browser :slight_smile:
And the variables inside your .env file yes

Ah, gotcha.

local .env

APPLICATION_PORT=3310
APPLICATION_URL=http://localhost:3310

CORS_ORIGINS=

DATABASE_URL=mongodb://localhost:27017/<db-name>
DOCKER_DATABASE_URL=mongodb://host.docker.internal:27017/<db-name>
DATABASE_SSL=false
# This should be removed in production environment.
DATABASE_REJECT_UNAUTHORIZED=false

FOREST_AUTH_SECRET=XXX
FOREST_ENV_SECRET=XXX

prod env

APPLICATION_PORT=3310
APPLICATION_URL=http://localhost:3310

CORS_ORIGINS=

DATABASE_URL=mongodb://<username>:<password>@localhost:27017/<prod-db-name>
DOCKER_DATABASE_URL=mongodb://host.docker.internal:27017/<prod-db-name>
DATABASE_SSL=false

Can you check in the project settings that the right env_secret is configured ?

It turns out that on the DEVELOPMENT environment, the FOREST_ENV_SECRET key didn’t match the one in my local .env.

I replaced it with the secret key set for the DEVELOPMENT environment so that it’s matching. I think that one is good now (hopefully).

However, I’m still getting the Unable to authenticate error on the Production environment.

I can confirm that the FOREST_ENV_SECRET in /etc/environment matches the one in the Forest Admin Production settings.

I’m also reviewing the following on the POST /forest/authentication for the production environment if this helps.

Another additional piece of information.
image

What is your APPLICATION_URL for your production environment ?
Looking at what you shared, it should be https://autohound.gyroscopictestdev.xyz

Yes. That’s what is currently in my .env file for APPLICATION_URL. It’s actually the same instance where I have Forest Admin installed in.

With the https:// ? Because in your log it has "autohound.gyroscopictestdev.xyz/forest/authentication/callback"

Yes.

image

Do I need to have the APPLICATION_URL in the /etc/environment file as well?

Is there a possibility that Forest Admin is caching? It seems like the log doesn’t have the https unless it’s being parsed out from the env variables for some reason…?

The redirect_uri is built from the environment variable and is used to cache part of the openId configuration yes, however if the APPLICATION_URL changes it should not be a problem. Furthermore when you restart your environment, the cache is not persisted.

Let me look into it some more

I see… Thanks @Nicolas_Sailly. Really appreciate it!

1 Like

We are going to release a new version of our internal backend to get more data in the error, I’ll tell you when you can test it !

In the meantime can you make sure that you only set the required environment variables inside the local .env (and none in the /etc/environment) ? Just to be sure nothing is getting overwritten :slight_smile:

@Lean_Junio can you try again ? We just released our backend, we should have more information on why it fails :slight_smile:

Great! Thanks!

Yeah I just tried it, unfortunately still the same thing.