Moved from AWS to Heroku - can't login

So, rather than spending a small fortune on AWS hosting for my small application i’ve moved it all over to Heroku. I’ve yet to transfer the domain as i have one last feature to migrate which is the auth0 login.

my heroku dyno builds of exactly the same git repo as AWS so all the code is the same and my environment variables are the same - so my Auth0 client id, secret, audience etc. are all the same, yet when i login with my detail i get access denied.

i updated all my App’s in Auth0 to accept the heroku url for callbacks and logouts etc.

Am i missing some obvious configuration in Auth0?

The obvious configuration change would be application callback (and other URL related settings) and it seems you already covered those.

An access denied can originate from rules so it could be worthwhile to check that there are no rules that take a dependency on an AWS specific URL.

If rules don’t explain it a possible way to tackle this would be to start with a comparison based review; in other words, capture an HTTP trace for the login that works with AWS and then capture the same for the Heroku one. In theory, in terms of parameters and data sent in the requests to Auth0 the you should see an equivalent set of data and if you don’t that might point to the smoking gun.

If it does not you still have the HTTP traces so you can then redact them of sensitive information and share here as that could be helpful to troubleshoot the issue.

Thanks,

Yeah - i had a hunch on rules, but haven’t managed to see anything, so i’ll try to figure out HTTP traces :slight_smile:

2019-12-12T14:03:14.359037+00:00 heroku[router]: at=info method=GET path="/callback?code=[redacted]&state=[redacted]" host=stockport-badders.herokuapp.com request_id=[redacted] fwd="213.86.15.34" dyno=web.1 connect=0ms service=11ms status=200 bytes=12958 protocol=https
2019-12-12T14:03:14.225335+00:00 app[web.1]: USER:
2019-12-12T14:03:14.225893+00:00 app[web.1]: false
2019-12-12T14:03:14.225969+00:00 app[web.1]: INFO:
2019-12-12T14:03:14.227681+00:00 app[web.1]: { message: 'Unable to verify authorization request state.' }
2019-12-12T14:03:14.233199+00:00 app[web.1]: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
2019-12-12T14:03:14.233201+00:00 app[web.1]:     at ServerResponse.setHeader (_http_outgoing.js:485:11)
2019-12-12T14:03:14.233203+00:00 app[web.1]:     at ServerResponse.header (/app/node_modules/express/lib/response.js:771:10)
2019-12-12T14:03:14.233205+00:00 app[web.1]:     at ServerResponse.send (/app/node_modules/express/lib/response.js:170:12)
2019-12-12T14:03:14.233206+00:00 app[web.1]:     at done (/app/node_modules/express/lib/response.js:1008:10)
2019-12-12T14:03:14.233208+00:00 app[web.1]:     at tryHandleCache (/app/node_modules/ejs/lib/ejs.js:260:5)
2019-12-12T14:03:14.233209+00:00 app[web.1]:     at View.exports.renderFile [as engine] (/app/node_modules/ejs/lib/ejs.js:485:10)
2019-12-12T14:03:14.233211+00:00 app[web.1]:     at View.render (/app/node_modules/express/lib/view.js:135:8)
2019-12-12T14:03:14.233212+00:00 app[web.1]:     at tryRender (/app/node_modules/express/lib/application.js:640:10)
2019-12-12T14:03:14.233214+00:00 app[web.1]:     at Function.render (/app/node_modules/express/lib/application.js:592:3)
2019-12-12T14:03:14.233215+00:00 app[web.1]:     at ServerResponse.render (/app/node_modules/express/lib/response.js:1012:7)
2019-12-12T14:03:14.233217+00:00 app[web.1]:     at /app/app.js:1173:11
2019-12-12T14:03:14.233218+00:00 app[web.1]:     at Layer.handle_error (/app/node_modules/express/lib/router/layer.js:71:5)
2019-12-12T14:03:14.233219+00:00 app[web.1]:     at trim_prefix (/app/node_modules/express/lib/router/index.js:315:13)
2019-12-12T14:03:14.233221+00:00 app[web.1]:     at /app/node_modules/express/lib/router/index.js:284:7
2019-12-12T14:03:14.233222+00:00 app[web.1]:     at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
2019-12-12T14:03:14.233224+00:00 app[web.1]:     at next (/app/node_modules/express/lib/router/index.js:275:10)
2019-12-12T14:03:14.233225+00:00 app[web.1]:     at Layer.handle_error (/app/node_modules/express/lib/router/layer.js:67:12)
2019-12-12T14:03:14.233227+00:00 app[web.1]:     at trim_prefix (/app/node_modules/express/lib/router/index.js:315:13)
2019-12-12T14:03:14.233228+00:00 app[web.1]:     at /app/node_modules/express/lib/router/index.js:284:7
2019-12-12T14:03:14.233229+00:00 app[web.1]:     at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
2019-12-12T14:03:14.233230+00:00 app[web.1]:     at next (/app/node_modules/express/lib/router/index.js:275:10)
2019-12-12T14:03:14.233232+00:00 app[web.1]:     at Layer.handle_error (/app/node_modules/express/lib/router/layer.js:67:12)
2019-12-12T14:03:14.233233+00:00 app[web.1]:     at trim_prefix (/app/node_modules/express/lib/router/index.js:315:13)
2019-12-12T14:03:14.233235+00:00 app[web.1]:     at /app/node_modules/express/lib/router/index.js:284:7
2019-12-12T14:03:14.233236+00:00 app[web.1]:     at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
2019-12-12T14:03:14.233238+00:00 app[web.1]:     at next (/app/node_modules/express/lib/router/index.js:275:10)
2019-12-12T14:03:14.233239+00:00 app[web.1]:     at next (/app/node_modules/express/lib/router/route.js:127:14)
2019-12-12T14:03:14.233240+00:00 app[web.1]:     at /app/app.js:182:29

back to the rules i guess… i don’t think this is telling me much other than it’s not recognising the user at all… despite is being a sign in using google which is the same as the aws on.

resolved it.

found this ticket:


and a question on stackoverflow:

which explain some things about state values, heroku and SSL ans well as how to resolve the problem

specifically i changed:
if (app.get(‘env’) === ‘production’) {
sess.cookie.secure = true; // serve secure cookies, requires https
}

to

if (app.get('env') === 'production') {
      app.set('trust proxy', 1); // trust first proxy
      sess.cookie.secure = true; // serve secure cookies, requires https
    } 

you could also leave all of the above out if you don’t want to use secure cookies.

hope this helps other :slight_smile:

1 Like

Perfect! Glad to hear you were able to figure it out!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.