So, rather than spending a small fortune on AWS hosting for my small application i’ve moved it all over to Heroku. I’ve yet to transfer the domain as i have one last feature to migrate which is the auth0 login.
my heroku dyno builds of exactly the same git repo as AWS so all the code is the same and my environment variables are the same - so my Auth0 client id, secret, audience etc. are all the same, yet when i login with my detail i get access denied.
i updated all my App’s in Auth0 to accept the heroku url for callbacks and logouts etc.
The obvious configuration change would be application callback (and other URL related settings) and it seems you already covered those.
An access denied can originate from rules so it could be worthwhile to check that there are no rules that take a dependency on an AWS specific URL.
If rules don’t explain it a possible way to tackle this would be to start with a comparison based review; in other words, capture an HTTP trace for the login that works with AWS and then capture the same for the Heroku one. In theory, in terms of parameters and data sent in the requests to Auth0 the you should see an equivalent set of data and if you don’t that might point to the smoking gun.
If it does not you still have the HTTP traces so you can then redact them of sensitive information and share here as that could be helpful to troubleshoot the issue.
2019-12-12T14:03:14.359037+00:00 heroku[router]: at=info method=GET path="/callback?code=[redacted]&state=[redacted]" host=stockport-badders.herokuapp.com request_id=[redacted] fwd="213.86.15.34" dyno=web.1 connect=0ms service=11ms status=200 bytes=12958 protocol=https
2019-12-12T14:03:14.225335+00:00 app[web.1]: USER:
2019-12-12T14:03:14.225893+00:00 app[web.1]: false
2019-12-12T14:03:14.225969+00:00 app[web.1]: INFO:
2019-12-12T14:03:14.227681+00:00 app[web.1]: { message: 'Unable to verify authorization request state.' }
2019-12-12T14:03:14.233199+00:00 app[web.1]: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
2019-12-12T14:03:14.233201+00:00 app[web.1]: at ServerResponse.setHeader (_http_outgoing.js:485:11)
2019-12-12T14:03:14.233203+00:00 app[web.1]: at ServerResponse.header (/app/node_modules/express/lib/response.js:771:10)
2019-12-12T14:03:14.233205+00:00 app[web.1]: at ServerResponse.send (/app/node_modules/express/lib/response.js:170:12)
2019-12-12T14:03:14.233206+00:00 app[web.1]: at done (/app/node_modules/express/lib/response.js:1008:10)
2019-12-12T14:03:14.233208+00:00 app[web.1]: at tryHandleCache (/app/node_modules/ejs/lib/ejs.js:260:5)
2019-12-12T14:03:14.233209+00:00 app[web.1]: at View.exports.renderFile [as engine] (/app/node_modules/ejs/lib/ejs.js:485:10)
2019-12-12T14:03:14.233211+00:00 app[web.1]: at View.render (/app/node_modules/express/lib/view.js:135:8)
2019-12-12T14:03:14.233212+00:00 app[web.1]: at tryRender (/app/node_modules/express/lib/application.js:640:10)
2019-12-12T14:03:14.233214+00:00 app[web.1]: at Function.render (/app/node_modules/express/lib/application.js:592:3)
2019-12-12T14:03:14.233215+00:00 app[web.1]: at ServerResponse.render (/app/node_modules/express/lib/response.js:1012:7)
2019-12-12T14:03:14.233217+00:00 app[web.1]: at /app/app.js:1173:11
2019-12-12T14:03:14.233218+00:00 app[web.1]: at Layer.handle_error (/app/node_modules/express/lib/router/layer.js:71:5)
2019-12-12T14:03:14.233219+00:00 app[web.1]: at trim_prefix (/app/node_modules/express/lib/router/index.js:315:13)
2019-12-12T14:03:14.233221+00:00 app[web.1]: at /app/node_modules/express/lib/router/index.js:284:7
2019-12-12T14:03:14.233222+00:00 app[web.1]: at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
2019-12-12T14:03:14.233224+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/index.js:275:10)
2019-12-12T14:03:14.233225+00:00 app[web.1]: at Layer.handle_error (/app/node_modules/express/lib/router/layer.js:67:12)
2019-12-12T14:03:14.233227+00:00 app[web.1]: at trim_prefix (/app/node_modules/express/lib/router/index.js:315:13)
2019-12-12T14:03:14.233228+00:00 app[web.1]: at /app/node_modules/express/lib/router/index.js:284:7
2019-12-12T14:03:14.233229+00:00 app[web.1]: at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
2019-12-12T14:03:14.233230+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/index.js:275:10)
2019-12-12T14:03:14.233232+00:00 app[web.1]: at Layer.handle_error (/app/node_modules/express/lib/router/layer.js:67:12)
2019-12-12T14:03:14.233233+00:00 app[web.1]: at trim_prefix (/app/node_modules/express/lib/router/index.js:315:13)
2019-12-12T14:03:14.233235+00:00 app[web.1]: at /app/node_modules/express/lib/router/index.js:284:7
2019-12-12T14:03:14.233236+00:00 app[web.1]: at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
2019-12-12T14:03:14.233238+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/index.js:275:10)
2019-12-12T14:03:14.233239+00:00 app[web.1]: at next (/app/node_modules/express/lib/router/route.js:127:14)
2019-12-12T14:03:14.233240+00:00 app[web.1]: at /app/app.js:182:29
back to the rules i guess… i don’t think this is telling me much other than it’s not recognising the user at all… despite is being a sign in using google which is the same as the aws on.
