Unexpected error: connect ECONNREFUSED 127.0.0.1:443

I’m migrating to forest admin 7 and I’m running in to an issue while using the forest agent on my localhost. I can no longer connect to forest admin locally, even though this was working before. This issue was first identified here: Authentication error after migrating to forest-express-sequelize v7 - #3 by agarbund, but it appears that the poster fixed the problem but did not post their solution.

Failure Logs

[forest] 🌳🌳🌳  Unable to register the client
{
  "configuration": {
    "authorization_endpoint": "https://api.forestadmin.com/oidc/auth",
    "device_authorization_endpoint": "https://api.forestadmin.com/oidc/device/auth",
    "claims_parameter_supported": false,
    "claims_supported": [
      "sub",
      "email",
      "sid",
      "auth_time",
      "iss"
    ],
    "code_challenge_methods_supported": [
      "S256"
    ],
    "end_session_endpoint": "https://api.forestadmin.com/oidc/session/end",
    "grant_types_supported": [
      "authorization_code",
      "urn:ietf:params:oauth:grant-type:device_code"
    ],
    "id_token_signing_alg_values_supported": [
      "HS256",
      "RS256"
    ],
    "issuer": "https://api.forestadmin.com",
    "jwks_uri": "https://api.forestadmin.com/oidc/jwks",
    "registration_endpoint": "https://api.forestadmin.com/oidc/reg",
    "response_modes_supported": [
      "query"
    ],
    "response_types_supported": [
      "code",
      "none"
    ],
    "scopes_supported": [
      "openid",
      "email",
      "profile"
    ],
    "subject_types_supported": [
      "public"
    ],
    "token_endpoint_auth_methods_supported": [
      "none"
    ],
    "token_endpoint_auth_signing_alg_values_supported": [],
    "token_endpoint": "https://api.forestadmin.com/oidc/token",
    "request_object_signing_alg_values_supported": [
      "HS256",
      "RS256"
    ],
    "request_parameter_supported": false,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": true,
    "claim_types_supported": [
      "normal"
    ]
  },
  "registration": {
    "redirect_uris": [
      "http://localhost:3310/forest/authentication/callback"
    ],
    "token_endpoint_auth_method": "none"
  },
  "error": {
    "name": "RequestError",
    "code": "ECONNREFUSED",
    "timings": {
      "start": 1621288102003,
      "socket": 1621288102005,
      "lookup": 1621288102005,
      "error": 1621288102006,
      "phases": {
        "wait": 2,
        "dns": 0,
        "total": 3
      }
    }
  }
}
[forest] 🌳🌳🌳  Unexpected error: connect ECONNREFUSED 127.0.0.1:443
{
  "name": "RequestError",
  "code": "ECONNREFUSED",
  "timings": {
    "start": 1621288102003,
    "socket": 1621288102005,
    "lookup": 1621288102005,
    "error": 1621288102006,
    "phases": {
      "wait": 2,
      "dns": 0,
      "total": 3
    }
  },
  "stack": "RequestError: connect ECONNREFUSED 127.0.0.1:443\n    at ClientRequest.<anonymous> (/Users/slopes/forerunner/crs-dashboard/node_modules/openid-client/node_modules/got/dist/source/core/index.js:956:111)\n    at Object.onceWrapper (node:events:483:26)\n    at ClientRequest.emit (node:events:388:22)\n    at ClientRequest.EventEmitter.emit (node:domain:470:12)\n    at ClientRequest.origin.emit (/Users/slopes/forerunner/crs-dashboard/node_modules/openid-client/node_modules/@szmarczak/http-timer/dist/source/index.js:39:20)\n    at TLSSocket.socketErrorListener (node:_http_client:486:9)\n    at TLSSocket.emit (node:events:376:20)\n    at TLSSocket.EventEmitter.emit (node:domain:470:12)\n    at emitErrorNT (node:internal/streams/destroy:188:8)\n    at emitErrorCloseNT (node:internal/streams/destroy:153:3)\n    at processTicksAndRejections (node:internal/process/task_queues:80:21)\n    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1138:16)\n    at TCPConnectWrap.callbackTrampoline (node:internal/async_hooks:131:14)"
}

Context

Please provide any relevant information about your setup.

  • Package Version: 7.0.0
  • Express Version: 4.16.4
  • Sequelize Version: 6.5.0
  • Database Dialect: postgres
  • Database Version: 11.10

Note that I can curl / wget api.forestadmin.com just fine from my localhost, so I’m not entirely sure what’s going on.

Hello @schalkwijk, welcome in the community :partying_face:

During authentication, your agent is trying to connect to https://api.forestadmin.com, which, in your case, seems redirected to 127.0.0.1.

Could you please share with us the configuration variables that you set (please obfuscate the secrets before posting them).

Do you have access to http://api.forestadmin.com in the same context than the agent that you are running?

@schalkwijk I didn’t really fixed that issue but rather identified it’s caused by embedding Forest app within Nest.js framework Express instance. I haven’t yet had a chance to investigate it further but it can be fixed by manually retrieving client id and setting FOREST_CLIENT_ID env variable as described here.

@schalkwijk are you running your agent inside Nest.js?

@agarbund, thanks for the explanation!

@GuillaumeGautreau, thanks for the warm welcome! I’m not using Nest.js, no - just running my agent inside a pretty simple express server. Currently, it’s running on my Mac (not even within docker) and I can reach api.forestadmin.com from my terminal with a curl:

$ curl https://api.forestadmin.com/
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

I believe I only have two Forest-related environment variables set:

FOREST_ENV_SECRET=XXXXXXXXXX
FOREST_AUTH_SECRET=XXXXXXXXXX

Thanks again for your help!

Can it be related to this problem:

It seems that third-party libraries can mess up with connections launched by openid-client which we are using under the hood.

Oh, wow - good find, @GuillaumeGautreau! I’ll see if I can’t figure out which dependency is causing the issue, if indeed that’s what’s happening here. I’ll ping this thread once I’ve figured it out.

@GuillaumeGautreau, that was it - @google/maps was causing the issue, and upgrading it removed that particular problem. I’m now encountering another issue, though - I still can’t log in to my admin portal, and there isn’t any obvious failure anywhere so I am unsure as to how to proceed.

Here’s a screenshot of the error I’m seeing:
Screen Shot 2021-05-18 at 6.14.02 PM

My network tab shows no failures after I press the Log in again button:

My console also has no failures:
Screen Shot 2021-05-18 at 6.17.10 PM

I added the cors headers and APPLICATION_URL environment variables as per this document, and I am not using a FOREST_CLIENT_ID. This issue happens both against my development environment and my production environment.

Any help would be appreciated!

Hi,

What is the response of the callback call? Please obfuscate the token, if any :slightly_smiling_face:

@GuillaumeGautreau, your debugging game is on point - my application server was intercepting the authentication callback request and returning my webapp, as opposed to letting the request go through to Forest’s own request handlers. With that resolved, it appears that all is in order - thank you for your time and I hope you have a great week.

For anyone else experiencing ECONNREFUSED error on request to 127.0.0.1, run

npm ls agent-base

and try to update all of packages which are using agent-base package.