Expected behavior
I would expect to find documentation explaining how the FOREST_AUTH_SECRET is “chosen”. Also, how to obtain the value of this secret for a dev environment.
Actual behavior
I find the definition of FOREST_AUTH_SECRET in the glossary: "A private token - chosen by yourself - used to sign the data token." I do not find how to choose this token after searching the documentation. My local docker container has this environment variable set.
Creating a new environment only shows the "FOREST_ENV_SECRET" but not a "FOREST_AUTH_SECRET". You can't seem to copy the auth secret from any other environment for the same project because it is different in each case. Based on this, I can't figure out how to create a new dev environment since setting only the FOREST_ENV_SECRET causes the environment to fail to start.
Hello @jesse-elve,
Thank you for sharing your issue.
An initial value for the FOREST_AUTH_SECRET token should be generated and included in the wizard commands that you need to copy/paste on your end.
For new environments, you can set FOREST_AUTH_SECRET to a random value in your configuration file.
Hi,
I came across the same problem (401 unauthorized + IP whitelist error + Unlock your data form) and tried to follow the solution above by setting FOREST_AUTH_SECRET to a random string as an environment variable in my forest admin backend container for test environments. As stated above there isn't any problem with forest admin provided FOREST_AUTH_SECRET strings for production/staging. I'm creating environments through the forest-cli to get the ENV_SECRET and just set a random 32 alphanumeric character string to FOREST_AUTH_SECRET. Is there a step I'm forgetting?
It calls /session but there isn't any forest session token in the request; it does appear for the production environment though.
Thanks a lot
Hi @julongbh and welcome to our community.
To clarify your problem and the context can you answer these few questions please?
The error occurred on a development environment?
Have you got any errors on your server start?
Hi @Arnaud_Moncel,
thank you for your answer,
yes it is a development environment, created through
forest environments:create -p=$FOREST_APPLICATION_ID -n=$ENV_NAME -u=https://$CI_COMMIT_REF_SLUG.admin.$BASE_DOMAIN --format=json
and I got this in my server log after trying a login
Your application is listening on port 80.
Your admin panel is available here: https://app.forestadmin.com/projects
GET / 200 10026 - 7.324 ms
GET / 200 10026 - 2.166 ms
GET / 200 10026 - 1.156 ms
GET / 200 10026 - 1.219 ms
GET / 200 10026 - 1.058 ms
GET / 200 10026 - 0.832 ms
GET / 200 10026 - 0.617 ms
GET / 200 10026 - 0.898 ms
GET / 200 10026 - 0.610 ms
GET / 200 10026 - 0.624 ms
GET / 200 10026 - 0.922 ms
GET / 200 10026 - 0.805 ms
You say, the /session route is called.
What is the result of this one? Have you got a jwt token well formatted?
Have you got any error logs before / after this call on your server?
yes, the /session route is called and I got this in the inspector, no sign of token in there, and no error whatsoever in the logs of the forest admin backend
Response=
access-control-allow-credentials: true
access-control-allow-origin: https://app.forestadmin.com
content-length: 44
content-type: application/json; charset=utf-8
date: Tue, 18 Aug 2020 13:30:41 GMT
etag: W/"2c-F72gDdrlXS72IK0z3eSuP4xgxHw"
server: nginx/1.19.1
status: 401
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
x-powered-by: Express
Request=
:authority: [SERVER_URL]
:method: POST
:path: /forest/sessions
:scheme: https
accept: application/json, text/javascript, */*; q=0.01
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,fr;q=0.8,ko;q=0.7
content-length: 151
content-type: application/json; charset=UTF-8
dnt: 1
origin: https://app.forestadmin.com
referer: https://app.forestadmin.com/location-admin/review-backend-fix-deploy-forest/Operations/data/pet/index
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36
request payload=
email: [MY_EMAIL]
password: [MY_PASSWORD]
projectId: "48974"
renderingId: "69981"
token: null
twoFactorRegistration: false
and I got this in the ENV vars
APPLICATION_PORT: 80
APPLICATION_HOST: [HOST]
DATABASE_URL: [MYSQL_STRING]
DATABASE_SSL: false
APP_NAME: location-admin
DATABASE_ENCRYPT: false
FOREST_AUTH_SECRET: [RANDOM_STRING]
FOREST_ENV_SECRET: [SECRET_FROM_FOREST_CLI]
NODE_ENV: development
Instead for the production one, which is totally similar in terms of deployment and config, I got token and everything working.
I got all the 401 errors appearing in my nginx-ingress logs though, but the production and development forest admin backend deploys got the exact same nginx config in front of it, so it doesn't look like it's a CORS or routing config problem.
// the environment details
{
"name": "review-backend-fix-deploy-forest",
"apiEndpoint": "[ENDPOINT]",
"secretKey": "[SECRET_KEY]",
"isActive": true,
"type": "development",
"stage": "unknown",
"lianaName": "forest-express-sequelize",
"lianaVersion": "6.3.6",
"twoFactorAuthenticationEnabled": false,
"version": "1",
"id": "58997",
"currentBranch": null
}
Hello team,
I lost FOREST_AUTH_SECRET on production. Can you help to show me how to get it, or help to delete the existing production environment? My environment id is 69686.
Thanks in advance!
Hi @Harry_Nguyen, and welcome to our community,
As @anon79585656 stated here (FOREST_AUTH_SECRET how to set / choose - #2 by Guillaume_Deslandes), FOREST_AUTH_SECRET could be randomly chosen when creating a new environment.
If you need specific actions to be made (for an environment deletion in your case), I suggest contacting us via support@forestadmin.com.
Let me know if that helps