Enabled to Reach Remote Remote Environment

Luftedar · December 21, 2022, 10:57am

Feature(s) impacted

I’m having trouble to accessing one of our remote environments. Our team has two environments one of them production and the other one is staging(pre-production). Only one person can access the staging others in the team can’t access.

Observed behavior

Unable to reach staging environment only project owner can access.

Expected behavior

Being able to access staging environment.

Failure Logs

Unable to authenticate you error pops as below:
Screen Shot 2022-12-21 at 13.28.09
Get 500 error in this request. …/forest/authentication/callback?error=invalid_grant

Screen Shot 2022-12-21 at 13.32.30

Context

Team name: Operations
Environment name: Staging
Agent type & version: Rails
Recent changes made on your end if any: Occured after the project owner created the team.

GuillaumeGautreau · December 21, 2022, 12:39pm

Hello @Luftedar,

Can you please share with me the request parameters and response bodies of the following calls:

https://api.forestadmin.com/oidc/auth
[your agent's url]/forest/authentication/callback

Also, can you please share with me:

the last 2 characters of the environment secret that is configured on your staging environment,
if a value is defined for the config parameter ForestLiana.forest_client_id
the value used as ForestLiana.application_url in your staging environment

Thanks

Luftedar · December 27, 2022, 7:50am

https://api.forestadmin.com/oidc/auth?client_id=CLIENT_ID&redirect_uri=https://admin-stg.branchsight.com/forest/authentication/callback&response_type=code&scope=openid email profile&state={“renderingId”=>133387}

Returns 302

forest/authentication/callback: { status: 500, detail: “‘code’ required.” }
error_description: You are not allowed to access to this client
Environment secret last two digits: 95
forest_client_id: CLIENT_ID
url: https://admin-stg.branchsight.com

morganperre · December 27, 2022, 11:42am

Hello @Luftedar,

As @GuillaumeGautreau is off in Christmas holidays I will take on this subject.

I double check, it seems to be the right one.

This is not the right clientId for this environment for sure, it is the one from your production environment. You need to have different client ids betweens your environment. You might have copied it by mistake.

You can either enable caching and remove the forest_client_id definition for this environment (the clientId will be automatically generated) or replace the one you’ve configured with a newly created as described here and below.

CURL command to generate forest_client_id (not recommended way)

You only need to change the FOREST_ENV_SECRET by your own env secret. The response will contain a valid forest_client_id.

curl -H "Content-Type: application/json" \
     -H "Authorization: Bearer FOREST_ENV_SECRET" \
     -X POST \
     -d '{"token_endpoint_auth_method": "none"}' \
     https://api.forestadmin.com/oidc/reg

As a side note: ForestLiana.application_url and ForestLiana.forest_client_id are totally removed starting from liana version 7.7.0 to ease environment setup.

Lets us know if it helps.

Kind regards,
Morgan

Luftedar · August 5, 2024, 8:18pm

Hi team!

Sorry for the late reply. Due to change in our company emails, I have missed your replies.
We have solved the problem by removing forest_client_id.

Thanks for your help

Topic		Replies	Views
500 when connecting to staging environment Help me!	7	784	April 12, 2021
Setup of a second staging environment with a different url Help me! setup	3	311	June 14, 2022
Deploying a remote staging environment Help me! setup	3	557	March 23, 2021
"Unable to authenticate you" for prod/staging rails apps - works for dev Help me!	7	564	March 11, 2021
Unreachable backend Help me!	3	294	May 10, 2021