When using the correct FOREST_ENV_SECRET I am expecting it to work.
Please describe here the behavior you are expecting.
Actual behavior
In the browser console, the BE server raises a 500 when trying to access:
/forest/authentication/callback?error=UnauthorizedToAccessClientError&error_description=You are not allowed to access to this client&state={"renderingId"=>85890}
Please include any relevant log snippets, if necessary.
I’ve used the FOREST_ENV_SECRET
Generated a random auth_secret and used it.
Set the correct application_url
and used
Just to be sure, did you use this request by replacing FOREST_ENV_SECRET inside the header Authorization: Bearer FOREST_ENV_SECRET by its actual value?
Can you send me by DM the last characters of the env secret you used, along with your project and environment names?
After checking the request sent by the browser to https://api.forestadmin.com/oidc/auth it appears that the provided client_id at this stage is not correct.
So there is probably a configuration problem on your agent. You have to provide this new client id value to your application, as stated in the docs.
Yes, this has happened. We identified that the server has the latest client_id. Forest App (Browser) seems to be sending an old value. Is there a chance you are caching it on your side?
In fact, this client id sent by the browser is the one that your application provides to the browser. The authentication is done in multiple steps:
1. The browser contacts yourserver/forest/authentication
2. Your server responds with a URL to contact on the Forest Admin API: http://api.forestadmin.com/oidc/auth?client_id=XXX&[OTHER-PARAMS]
3. The browser contacts the Forest Admin server on this URL
4. The Forest Admin server authenticates the user that makes this call and returns a URL on your server, yourserver/forest/authentication/callback, with a special code to finish the authentication process
5. The browser contacts your server at the provided URL
6. Your server checks the code and then creates a JWT that will authenticate the user on your server
You can see an incorrect clientId at step 2 because your server sends it to the browser. So I’m pretty sure that the configuration of your server is incorrect for this environment.
Hi @GuillaumeGautreau.
I went all the way to creating a new client_id. I can verify in a Rails console of that environment that I am getting the new client_id which I just generated, by checking ForestLiana.forest_client_id. However, the server from the Forest Liana gem keeps sending another value which is nowhere in an ENV variable or credentials.
I had a look at the source and it looks like there is some caching on your side using Rails.cache
Apart from that I can see that my Rails.cache.read(callback_url) is present for that given url which means you are returning to me an old (deleted client) that does not exist anymore.
You are totally right, the client id is currently first retrieved from the cache, and only if it has not been found the application reads from the environment variable.
We will work on a fix to avoid this kind of mismatch between the client id and the env variable if provided.
In the meantime, is it possible for you to clear this cache entry? It will probably fix your problem.
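The mismatch discussed in this thread, reproduced as an added example (not code from the forest_liana gem or from any poster): a cache-first lookup keeps serving a rotated client id, while a configuration-first lookup evicts the stale entry. `MemoryCache`, the function names, the callback URL and the client id strings are hypothetical stand-ins.

```ruby
require "uri"

# Constructed in-memory stand-in for Rails.cache (hypothetical).
class MemoryCache
  def initialize; @store = {}; end
  def read(key); @store[key]; end
  def write(key, value); @store[key] = value; end
  def delete(key); @store.delete(key); end
end

# Cache-first lookup, as described in the thread: a cached id wins even
# after the configured id has been replaced.
def client_id_cache_first(cache, callback_url, configured_id)
  cache.read(callback_url) || configured_id
end

# Configuration-first lookup: an explicitly configured id always wins, and a
# cached entry that disagrees with it is evicted and reported.
def client_id_config_first(cache, callback_url, configured_id, warnings = [])
  cached = cache.read(callback_url)
  return cached if configured_id.nil? || configured_id.empty?
  if cached && cached != configured_id
    warnings << "stale client_id cached for #{callback_url}; evicting"
    cache.delete(callback_url)
  end
  configured_id
end

# URL the server hands to the browser at step 2 of the flow.
def authorization_url(client_id)
  "https://api.forestadmin.com/oidc/auth?" + URI.encode_www_form(client_id: client_id)
end

# Constructed scenario: the old client was cached, then a new one configured.
def demo
  cache = MemoryCache.new
  url = "https://yourserver.example/forest/authentication/callback"
  cache.write(url, "old-deleted-client")
  warnings = []
  {
    cache_first: authorization_url(client_id_cache_first(cache, url, "new-client")),
    config_first: authorization_url(client_id_config_first(cache, url, "new-client", warnings)),
    warnings: warnings,
    cached_after: cache.read(url)
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```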