I cannot log in to my production environment on AWS using liana v7.x

Context

My application runs well on development and production using liana v6.7

Since I upgraded to liana v7 using this tutorial, I am not able to connect to the production environment (but it works fine on development).

Production is hosted on AWS with a load balancer + ECS containers.

The error I get is the following =>

GET: https://<My_Production_URL>/forest/authentication/callback?code=xxxxxxxxxxxxxxx

{"error":"InvalidClientIdError","error_description":"The provided client id does not match the id received at first place."}

Why it fails

Liana v7 introduces a new auth flow to avoid entering your password twice:

  • when connecting to Forest,
  • when entering the app (Liana v7 removes this step)

This new flow uses the OpenID mechanism and a CLIENT_ID variable.

This CLIENT_ID is generated by default per instance of your app.
So, in the context of a load balancer, the CLIENT_ID will change when you hit a different instance.

This is why you get an error during the flow: the CLIENT_ID is not consistent across the different calls to your backend.

2 Likes

Here is the solution @SebastienP 👇

It’s simply solved by generating a valid and consistent CLIENT_ID per environment and setting up the env variable FOREST_CLIENT_ID for your environment that will be shared by all your Production instances.

More details on the implementation here: Setup a static clientId

1 Like
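
The failure and the fix described in this thread, as an added example that is not part of the original posts and is not Forest Admin's code. It is a simplified model: the `Provider` and `Instance` classes and the sample values are hypothetical, and it assumes the identity provider binds each authorization code to the client id that requested it.

```javascript
// Simplified model of the callback failure behind a load balancer.
// Assumption: the provider remembers which client id each code was issued to.
let codeCounter = 0;
let instanceCounter = 0;

class Provider {
  constructor() { this.codes = new Map(); }
  // Start of the flow: issue a code bound to the requesting client id.
  authorize(clientId) {
    const code = `constructed-code-${++codeCounter}`;
    this.codes.set(code, clientId);
    return code;
  }
  // Callback: the code is only valid for the client id it was issued to.
  exchange(code, clientId) {
    const issuedTo = this.codes.get(code);
    this.codes.delete(code); // authorization codes are single-use
    if (issuedTo === undefined || issuedTo !== clientId) {
      return { error: 'InvalidClientIdError' };
    }
    return { token: 'constructed-session-token' };
  }
}

class Instance {
  // Uses the shared FOREST_CLIENT_ID when set; otherwise each instance gets
  // its own id (a counter stands in for a randomly generated value).
  constructor(env) {
    this.clientId = env.FOREST_CLIENT_ID || `generated-${++instanceCounter}`;
  }
}

// Login starts on one instance; the load balancer routes the callback to another.
function loginAcrossInstances(env) {
  const provider = new Provider();
  const first = new Instance(env);
  const second = new Instance(env);
  const code = provider.authorize(first.clientId);
  return provider.exchange(code, second.clientId);
}

console.log('per-instance id:', loginAcrossInstances({}));
console.log('shared id:',
  loginAcrossInstances({ FOREST_CLIENT_ID: 'constructed-client-id' }));
```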