Ngrok “403: Forbidden”

mdnssebastian · October 19, 2022, 10:39pm

Hi,

ngrok by @inconshreveable                                                                                                                        (Ctrl+C to quit)

Session Status                online
Session Expires               1 hour, 51 minutes
Version                       2.3.40
Region                        United States (us)
Web Interface                 http://127.0.0.1:4040
Forwarding                    http://****-****-a61-11ba-6201-51f8-25ff-9def-f401.ngrok.io -> http://localhost:3000
Forwarding                    https://****-****-a61-11ba-6201-51f8-25ff-9def-f401.ngrok.io -> http://localhost:3000

Connections                   ttl     opn     rt1     rt5     p50     p90     
                              0       0       0.00    0.00    0.00    0.00

and setting up a flow:

const fetch = require('node-fetch')


exports.onExecutePostLogin = async (event, api) => {
    // 1.  
  const SECRET = event.secrets.AUTH0_HOOK_SECRET
  
  // 2.
  if (event.user.app_metadata.localUserCreated) {
    return
  }

  // 3.
  const email = event.user.email

  // 4.
  const request = await fetch('http://****-****-a61-11ba-6201-51f8-25ff-9def-f401.ngrok.io/api/auth/hook', {   // "localhost:3000" will be replaced before deploying this Action
    method: 'post',
    body: JSON.stringify({ email, secret: SECRET }),
    headers: { 'Content-Type': 'application/json' },
  })
  const response = await request.json()

  // 5.
  api.user.setAppMetadata('localUserCreated', true)
};

and then starting up the app locally and logging in, there seem to be no calls made to ngrok:

The code in the hook:

import prisma from "../../../lib/prisma";
import type { NextApiRequest, NextApiResponse } from "next";

const handler = async (req: NextApiRequest, res: NextApiResponse) => {
    const { email, secret } = req.body;

    console.log('mail: ' + email)
    console.log('secret: ' + secret)

    if (req.method !== 'POST') {
        return res.status(403).json({ message: 'Method not allowed' });
    }

    if (secret !== process.env.AUTH0_HOOK_SECRET) {
        return res.status(403).json({ message: `You must provide the secret 🤫` });
    }
    // 3
    if (email) {
        // 4
        console.log('creating user: ' + email)
        await prisma.user.create({
            data: { email },
        });
        return res.status(200).json({
            message: `User with email: ${email} has been created successfully!`,
        });
    }
}

export default handler;

Otherwise, the login works:

the image is not displayed in an incognito tab but the user object does contain both the email and the link to the image profile.

Tried calling the endpoint with curl:


$ curl -X POST -H "Content-Type: application/json" -d '{"email": "sebi@gmail.com", "secret": "top"}' https://****-****-a61-11ba-6201-51f8-25ff-9def-f401.ngrok.io/api/auth/hook
{"message":"You must provide the secret 🤫"}

$ curl -X POST -H "Content-Type: application/json" -d '{"email": "sebi@gmail.com", "secret": "top"}' http://****-****-a61-11ba-6201-51f8-25ff-9def-f401.ngrok.io/api/auth/hook
{"message":"You must provide the secret 🤫"}

ngrok endpoints are reachable regardless of protocol (http(s)).

MamieR958 · October 20, 2022, 3:47pm

I have exactly the same problem.
mygiftcardsite visa

mdnssebastian · October 20, 2022, 4:49pm

Fixed it; process.env was not reading the stuff from .env

try to make a POST via curl