FOREST_AUTH_SECRET how to set / choose

Expected behavior

I would expect to find documentation explaining how the FOREST_AUTH_SECRET is “chosen”. Also, how to obtain the value of this secret for a dev environment.

Actual behavior

I find the definition of FOREST_AUTH_SECRET in the glossary: "A private token - chosen by yourself - used to sign the data token." I do not find how to choose this token after searching the documentation. My local docker container has this environment variable set.

Creating a new environment only shows the "FOREST_ENV_SECRET" but not a "FOREST_AUTH_SECRET". You can’t seem to copy the auth secret from any other environment for the same project because it is different in each case. Based on this, I can’t figure out how to create a new dev environment since setting only the FOREST_ENV_SECRET causes the environment to fail to start.

Hello @jesse-elve,

Thank you for sharing your issue.

An initial value for the FOREST_AUTH_SECRET token should be generated and included in the wizard commands that you need to copy/paste on your end.

For new environments, you can set FOREST_AUTH_SECRET to a random value in your configuration file.

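The glossary quoted in the question says the auth secret is used to sign the data token, and the thread notes that each environment has a different value. The following is an added example, not part of the thread and not Forest Admin's own code: it generates a secret from the OS CSPRNG and shows that a token signed under one environment's secret is rejected under another's. The HS256 JWT format and the function names (`generateAuthSecret`, `signToken`, `verifyToken`, `demo`) are assumptions made for illustration.

```javascript
// Added example, not Forest Admin code. Assumes the data token is an HS256 JWT.
const { randomBytes, createHmac, timingSafeEqual } = require('node:crypto');

// 48 bytes from the OS CSPRNG, hex-encoded (96 characters, 384 bits).
function generateAuthSecret(bytes = 48) {
  return randomBytes(bytes).toString('hex');
}

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (secret, data) => createHmac('sha256', secret).update(data).digest();

// Sign a minimal HS256 JWT with one environment's auth secret.
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = hmac(secret, `${head}.${body}`).toString('base64url');
  return `${head}.${body}.${sig}`;
}

// Return the payload when the signature matches this secret, otherwise null.
function verifyToken(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
  } catch {
    return null;
  }
  // Accept only the expected algorithm; "none" or anything else is refused.
  if (!header || header.alg !== 'HS256') return null;
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(body, 'base64url').toString());
}

// Constructed demo: two environments, each with its own independent secret.
function demo() {
  const devSecret = generateAuthSecret();
  const prodSecret = generateAuthSecret();
  const token = signToken({ sub: 'user@example.com' }, devSecret);
  return {
    secretLength: devSecret.length,
    acceptedByDev: verifyToken(token, devSecret) !== null,
    acceptedByProd: verifyToken(token, prodSecret) !== null,
  };
}

console.log(demo());
```

The value printed by `generateAuthSecret()` is what would go into the environment's configuration as FOREST_AUTH_SECRET; it should be stored like any other signing key and not reused across environments.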


I came across the same problem (401 unauthorized + IP whitelist error + Unlock your data form) and tried to follow the solution above by setting FOREST_AUTH_SECRET to a random string as an environment variable in my forest admin backend container for test environments. As stated above there isn’t any problem with forest admin provided FOREST_AUTH_SECRET strings for production/staging. I’m creating environments through the forest-cli to get the ENV_SECRET and just set a random 32 alphanumeric character string to FOREST_AUTH_SECRET. Is there a step I’m forgetting?

It calls /session but there isn’t any forest session token in the request; it does appear for the production environment though.

Thanks a lot

Hi @julongbh and welcome to our community.
To clarify your problem and the context can you answer these few questions please?

The error occurred on a development environment?
Have you got any errors on your server start?

Hi @Arnaud_Moncel,

thank you for your answer,
yes it is a development environment, created through

forest environments:create -p=$FOREST_APPLICATION_ID -n=$ENV_NAME -u=https://$CI_COMMIT_REF_SLUG.admin.$BASE_DOMAIN --format=json

and I got this in my server log after trying a login

Your application is listening on port 80.
Your admin panel is available here:
GET / 200 10026 - 7.324 ms
GET / 200 10026 - 2.166 ms
GET / 200 10026 - 1.156 ms
GET / 200 10026 - 1.219 ms
GET / 200 10026 - 1.058 ms
GET / 200 10026 - 0.832 ms
GET / 200 10026 - 0.617 ms
GET / 200 10026 - 0.898 ms
GET / 200 10026 - 0.610 ms
GET / 200 10026 - 0.624 ms
GET / 200 10026 - 0.922 ms
GET / 200 10026 - 0.805 ms

You say, the /session route is called.
What is the result of this one? Have you got a well-formatted JWT token?
Have you got any error logs before / after this call on your server?

yes, the /session route is called and I got this in the inspector, no sign of token in there, and no error whatsoever in the logs of the forest admin backend

access-control-allow-credentials: true
content-length: 44
content-type: application/json; charset=utf-8
date: Tue, 18 Aug 2020 13:30:41 GMT
etag: W/"2c-F72gDdrlXS72IK0z3eSuP4xgxHw"
server: nginx/1.19.1
status: 401
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
x-powered-by: Express

:authority: [SERVER_URL]
:method: POST
:path: /forest/sessions
:scheme: https
accept: application/json, text/javascript, */*; q=0.01
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,fr;q=0.8,ko;q=0.7
content-length: 151
content-type: application/json; charset=UTF-8
dnt: 1
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36

request payload=
email: [MY_EMAIL]
password: [MY_PASSWORD]
projectId: "48974"
renderingId: "69981"
token: null
twoFactorRegistration: false

and I got this in the ENV vars

      DATABASE_SSL:        false
      APP_NAME:            location-admin
      DATABASE_ENCRYPT:    false
      NODE_ENV:            development

Instead, for the production one, which is totally similar in terms of deployment and config, I got the token and everything working.

I got all the 401 errors appearing in my nginx-ingress logs though, but the production and development forest admin backend deploys got the exact same nginx config in front of them, so it doesn’t look like it’s a CORS or routing config problem.

// the environment details
{
  "name": "review-backend-fix-deploy-forest",
  "apiEndpoint": "[ENDPOINT]",
  "secretKey": "[SECRET_KEY]",
  "isActive": true,
  "type": "development",
  "stage": "unknown",
  "lianaName": "forest-express-sequelize",
  "lianaVersion": "6.3.6",
  "twoFactorAuthenticationEnabled": false,
  "version": "1",
  "id": "58997",
  "currentBranch": null
}