Problems authenticating when upgrading to v7 of Liana (forest-express-mongoose)

I just did the upgrade from "forest-express-mongoose": "^3.2.4", to "forest-express-mongoose": "^7.7.1" as per your docs Upgrade to v7 - Documentation. Just having some trouble with the authentication now though. I don’t have my express server running on port 433 with HTTPS but instead, I have a load balancer in front of it that handles the HTTPS side of things. This worked with the previous version of Liana but not now. From the error message given it seems to be expecting the express node process itself to be running on port 433 locally.

Is this correct? It seems to be overly restrictive to dictate how the process runs on the server. Is there any way around this?

  • Package Version: 7.7.1
  • Express Version: 4.17
  • Database Dialect: MongoDB

These are the logs on my node server when this happens:


[forest] 🌳🌳🌳  Unable to register the client
{
  "configuration": {
    "authorization_endpoint": "https://api.forestadmin.com/oidc/auth",
    "device_authorization_endpoint": "https://api.forestadmin.com/oidc/device/auth",
    "claims_parameter_supported": false,
    "claims_supported": [
      "sub",
      "email",
      "sid",
      "auth_time",
      "iss"
    ],
    "code_challenge_methods_supported": [
      "S256"
    ],
    "end_session_endpoint": "https://api.forestadmin.com/oidc/session/end",
    "grant_types_supported": [
      "authorization_code",
      "urn:ietf:params:oauth:grant-type:device_code"
    ],
    "id_token_signing_alg_values_supported": [
      "HS256",
      "RS256"
    ],
    "issuer": "https://api.forestadmin.com",
    "jwks_uri": "https://api.forestadmin.com/oidc/jwks",
    "registration_endpoint": "https://api.forestadmin.com/oidc/reg",
    "response_modes_supported": [
      "query"
    ],
    "response_types_supported": [
      "code",
      "none"
    ],
    "scopes_supported": [
      "openid",
      "email",
      "profile"
    ],
    "subject_types_supported": [
      "public"
    ],
    "token_endpoint_auth_methods_supported": [
      "none"
    ],
    "token_endpoint_auth_signing_alg_values_supported": [],
    "token_endpoint": "https://api.forestadmin.com/oidc/token",
    "request_object_signing_alg_values_supported": [
      "HS256",
      "RS256"
    ],
    "request_parameter_supported": false,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": true,
    "claim_types_supported": [
      "normal"
    ]
  },
  "registration": {
    "redirect_uris": [
      "http://localhost:3000/forest/authentication/callback"
    ],
    "token_endpoint_auth_method": "none"
  },
  "error": {
    "name": "RequestError",
    "code": "ECONNREFUSED",
    "timings": {
      "start": 1623482042173,
      "socket": 1623482042173,
      "lookup": 1623482042173,
      "error": 1623482042174,
      "phases": {
        "wait": 0,
        "dns": 0,
        "total": 1
      }
    }
  }
}
[forest] 🌳🌳🌳  Unexpected error: connect ECONNREFUSED 127.0.0.1:443
{
  "name": "RequestError",
  "code": "ECONNREFUSED",
  "timings": {
    "start": 1623482042173,
    "socket": 1623482042173,
    "lookup": 1623482042173,
    "error": 1623482042174,
    "phases": {
      "wait": 0,
      "dns": 0,
      "total": 1
    }
  },
  "stack": "RequestError: connect ECONNREFUSED 127.0.0.1:443\n    at ClientRequest.<anonymous> (/home/ubuntu/out-there-api/node_modules/got/dist/source/core/index.js:956:111)\n    at Object.onceWrapper (events.js:422:26)\n    at ClientRequest.emit (events.js:327:22)\n    at ClientRequest.EventEmitter.emit (domain.js:486:12)\n    at ClientRequest.origin.emit (/home/ubuntu/out-there-api/node_modules/@szmarczak/http-timer/dist/source/index.js:39:20)\n    at TLSSocket.socketErrorListener (_http_client.js:469:9)\n    at TLSSocket.emit (events.js:315:20)\n    at TLSSocket.EventEmitter.emit (domain.js:486:12)\n    at emitErrorNT (internal/streams/destroy.js:106:8)\n    at emitErrorCloseNT (internal/streams/destroy.js:74:3)\n    at processTicksAndRejections (internal/process/task_queues.js:80:21)\n    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16)"

1 Like

Hello, I got the same issue

This reply fixed it

Hello @Richard_Garner,

Thanks for your message and welcome to our community! :raised_hands:

Let us know if @wawrzy’s message solved your issue :wink:

Thanks!

Thanks for the response! Much appreciated. I upgraded the packages. Before doing so I got this:

yarn list agent-base
yarn list v1.22.10
warning Filtering by arguments is deprecated. Please use the pattern option instead.
├─ agent-base@4.3.0
├─ https-proxy-agent@5.0.0
│  └─ agent-base@6.0.2
├─ socks-proxy-agent@4.0.2
│  └─ agent-base@4.2.1
└─ teeny-request@6.0.3
   └─ agent-base@6.0.2
✨  Done in 0.70s.

Then I ran yarn upgrade https-proxy-agent@latest agent-base@latest teeny-request@latest socks-proxy-agent@latest and got the following, but I am still getting the same error I was before.

yarn list agent-base
yarn list v1.22.10
warning Filtering by arguments is deprecated. Please use the pattern option instead.
├─ @google/maps@1.1.3
│  └─ agent-base@4.3.0
├─ agent-base@6.0.2
├─ http-proxy-agent@2.1.0
│  └─ agent-base@4.3.0
├─ pac-proxy-agent@3.0.1
│  ├─ agent-base@4.3.0
│  └─ socks-proxy-agent@4.0.2
│     └─ agent-base@4.2.1
└─ proxy-agent@3.0.3
   ├─ agent-base@4.3.0
   └─ socks-proxy-agent@4.0.2
      └─ agent-base@4.2.1
✨  Done in 0.72s.

Unfortunately this hasn’t solved the issue.

Thanks, unfortunately it doesn’t appear to have solved my issue. Do you know why it’s trying to connect to 127.0.0.1:443 in the first place?

Hello @Richard_Garner,

Let’s try to help you. :handshake:

Upgrades
First of all, I see you upgraded from v3 to v7. Did you follow all the upgrade notes version by version (I mean v3 → v4 → v5 → v6 → v7)? It’s the best way to isolate potential regression.

Your issue
The error connect ECONNREFUSED 127.0.0.1:443 means the agent is trying to connect to https://localhost when trying to register the client instead of calling our server. This error comes from a dependency that we use for OIDC management. See this issue for more information.

Back to you.

  1. Looking at the trace your agent (backend) should be running on http://localhost:3000. Am I right?
  2. Can you try to upgrade @google/maps to the latest version? I’ve seen that can cause the same error in another thread.

Kind regards,
Morgan

1 Like

Hey,

It’s strongly encouraged to update to new agents that have enforced security and will continue to work on future Chrome versions. You can find all the detailed information in the following thread.

As I said I found a thread where the user had the same issue caused by @google/maps. To be honest this specific issue is pretty obscure to me.

Cheers,
Morgan

Awesome, removing @google/maps worked! It must’ve been messing with the http module or something. @google/maps is deprecated for @googlemaps/google-maps-services-js. I installed that in its place and, after a few minor changes to how the methods are called, it played nicely with Forest Admin.

Thanks so much @morganperre @anon34731316 @wawrzy ! Appreciate your help on this.

2 Likes

Glad you finally managed to resolve the problem. :pray:

Have a nice journey @Richard_Garner.

1 Like
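
The dependency triage done by hand in this thread, as an added example that is not code from any poster or from Forest Admin: it parses `yarn list agent-base` output and reports which packages still pull in an old `agent-base`. The sample is the second listing from the thread; the function names and the cut-off of major version 5 are assumptions, since the thread does not name a version.

```javascript
// ASSUMPTION: agent-base majors below this are the copies to flag.
const MIN_SAFE_MAJOR = 5;

// Constructed sample: the second `yarn list agent-base` listing from the thread.
const SAMPLE = [
  'yarn list v1.22.10',
  'warning Filtering by arguments is deprecated. Please use the pattern option instead.',
  '├─ @google/maps@1.1.3',
  '│  └─ agent-base@4.3.0',
  '├─ agent-base@6.0.2',
  '├─ http-proxy-agent@2.1.0',
  '│  └─ agent-base@4.3.0',
  '├─ pac-proxy-agent@3.0.1',
  '│  ├─ agent-base@4.3.0',
  '│  └─ socks-proxy-agent@4.0.2',
  '│     └─ agent-base@4.2.1',
  '└─ proxy-agent@3.0.3',
  '   ├─ agent-base@4.3.0',
  '   └─ socks-proxy-agent@4.0.2',
  '      └─ agent-base@4.2.1',
  '✨  Done in 0.72s.',
].join('\n');

// Walk the tree and return every agent-base copy below minMajor with its parent chain.
function findLegacyAgentBase(yarnListOutput, minMajor = MIN_SAFE_MAJOR) {
  const stack = []; // stack[d] = package currently open at depth d
  const findings = [];
  for (const line of yarnListOutput.split('\n')) {
    // Indent units are 3 chars wide ("│  " or "   "), then a branch glyph and name@version.
    const m = /^((?:[│ ] {2})*)[├└]─ (.+)@(\d+)\.(\d+)\.(\d+)/.exec(line);
    if (!m) continue; // banner, warning and "Done" lines
    const depth = m[1].length / 3;
    const version = `${m[3]}.${m[4]}.${m[5]}`;
    stack.length = depth; // close siblings and deeper branches
    stack.push(`${m[2]}@${version}`);
    if (m[2] === 'agent-base' && Number(m[3]) < minMajor) {
      findings.push({ version, via: stack.slice(0, depth) });
    }
  }
  return findings;
}

// Unique top-level entries to upgrade, replace or remove.
function topLevelCulprits(findings) {
  return [...new Set(findings.map((f) => f.via[0] || `agent-base@${f.version}`))];
}

console.log(topLevelCulprits(findLegacyAgentBase(SAMPLE)));
```

Because yarn hoists packages, a top-level entry in this listing may itself be a transitive dependency; `yarn why <package>` shows what requires it.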