For those who upgrades the agent version, I would really notice about environment variables.
Personally I migrated from v2 to v7 and when I setup the agent for the first time with v2 there were no requirement to set FOREST_ENV_SECRET
, FOREST_AUTH_SECRET
. It was required to pass those values as envSecret
and authSecret
.
There is no information about environment variables that should be set if you migrate from version x to version y. I didn’t find anything about this in the Upgrade to v3, v4, v5, v6, v7
.
But this is specified there
here
Forest team, what do you expect from your users? That we will spent dozens of hours to migrate the app? This is not nice, really.
Maybe it’s just for me, but it’s really not obvious from this
const { objectMapping, connections } = require('../models');
module.exports = async function forestadmin(app) {
app.use(await Liana.init({
configDir: path.join(__dirname, '../forest'),
envSecret: process.env.FOREST_ENV_SECRET,
authSecret: process.env.FOREST_AUTH_SECRET,
objectMapping,
connections,
}));
console.log(chalk.cyan('Your admin panel is available here: https://app.forestadmin.com/projects'));
};
that we need to define secret env variables, especially because we passed them as params to init function.
This leads to this error
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 [forest] 🌳🌳🌳 Unable to register the client
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 {
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "configuration": {
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "authorization_endpoint": "https://api.forestadmin.com/oidc/auth",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "device_authorization_endpoint": "https://api.forestadmin.com/oidc/device/auth",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "claims_parameter_supported": false,
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "claims_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "sub",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "email",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "sid",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "auth_time",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "iss"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "code_challenge_methods_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "S256"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "end_session_endpoint": "https://api.forestadmin.com/oidc/session/end",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "grant_types_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "authorization_code",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "urn:ietf:params:oauth:grant-type:device_code"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "id_token_signing_alg_values_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "HS256",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "RS256"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "issuer": "https://api.forestadmin.com",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "jwks_uri": "https://api.forestadmin.com/oidc/jwks",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "registration_endpoint": "https://api.forestadmin.com/oidc/reg",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "response_modes_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "query"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "response_types_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "code",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "none"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "scopes_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "openid",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "email",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "profile"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "subject_types_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "public"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "token_endpoint_auth_methods_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "none"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "token_endpoint_auth_signing_alg_values_supported": [],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "token_endpoint": "https://api.forestadmin.com/oidc/token",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "request_object_signing_alg_values_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "HS256",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "RS256"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "request_parameter_supported": false,
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "request_uri_parameter_supported": true,
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "require_request_uri_registration": true,
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "claim_types_supported": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "normal"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ]
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 },
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "registration": {
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "redirect_uris": [
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "https://api-staging.xxxxx.io/forest/authentication/callback"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 ],
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "token_endpoint_auth_method": "none"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 },
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "error": {
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "error": "unauthorized_client",
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 "error_description": "Web clients must be authenticated"
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 }
Jun 18 19:12:45 api-staging 32ed4ea9d23a33540a099efbe7d0889e1e15fd6e63afb0ac55abe57fd03d06b0 }
Also what about this step.
Running up multiple server instances
Where the command should be executed? Will it return a unique token, because what’s the purpose of doing that.
So let’s assume that I have 2 servers, then I need to execute this command twice and place the client id of each into env variables of different server instances, right?
Could you explain more?