Enabled to Reach Remote Remote Environment

Feature(s) impacted

I’m having trouble to accessing one of our remote environments. Our team has two environments one of them production and the other one is staging(pre-production). Only one person can access the staging others in the team can’t access.

Observed behavior

Unable to reach staging environment only project owner can access.

Expected behavior

Being able to access staging environment.

Failure Logs

Unable to authenticate you error pops as below:
Screen Shot 2022-12-21 at 13.28.09
Get 500 error in this request. …/forest/authentication/callback?error=invalid_grant
Screen Shot 2022-12-21 at 13.28.33

Screen Shot 2022-12-21 at 13.32.30


  • Team name: Operations
  • Environment name: Staging
  • Agent type & version: Rails
  • Recent changes made on your end if any: Occured after the project owner created the team.

Hello @Luftedar,

Can you please share with me the request parameters and response bodies of the following calls:

  • https://api.forestadmin.com/oidc/auth
  • [your agent's url]/forest/authentication/callback

Also, can you please share with me:

  • the last 2 characters of the environment secret that is configured on your staging environment,
  • if a value is defined for the config parameter ForestLiana.forest_client_id
  • the value used as ForestLiana.application_url in your staging environment


Returns 302

  • forest/authentication/callback: { status: 500, detail: “‘code’ required.” }
    error_description: You are not allowed to access to this client

  • Environment secret last two digits: 95

  • forest_client_id: CLIENT_ID

  • url: https://admin-stg.branchsight.com

Hello @Luftedar,

As @GuillaumeGautreau is off in Christmas holidays I will take on this subject.

I double check, it seems to be the right one.

This is not the right clientId for this environment for sure, it is the one from your production environment. You need to have different client ids betweens your environment. You might have copied it by mistake.

You can either enable caching and remove the forest_client_id definition for this environment (the clientId will be automatically generated) or replace the one you’ve configured with a newly created as described here and below.

CURL command to generate forest_client_id (not recommended way)

You only need to change the FOREST_ENV_SECRET by your own env secret. The response will contain a valid forest_client_id.

curl -H "Content-Type: application/json" \
     -H "Authorization: Bearer FOREST_ENV_SECRET" \
     -X POST \
     -d '{"token_endpoint_auth_method": "none"}' \

As a side note: ForestLiana.application_url and ForestLiana.forest_client_id are totally removed starting from liana version 7.7.0 to ease environment setup. :pray:

Lets us know if it helps.

Kind regards,