Node.js Connection Refused

My Node.js connection is being refused. I have an express app running on localhost:5000. I’ve added https://localhost:5000 to the allowed web and CORS origins to my application config. The below code is resulting in:

The error:

Error: connect ECONNREFUSED 127.0.0.1:443
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16) {
  errno: -61,
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '127.0.0.1',
  port: 443
}

The code in my Express route:

	var options = {
		method: 'POST',
		url: 'https://mytenant.us.auth0.com/oauth/token',
		headers: {'content-type': 'application/json'},
		body: '{"client_id":"myclientid","client_secret":"myclientsecret","audience":"https://localhost:5000/my/api","grant_type":"client_credentials"}'
	},
	r = https.request(options, (response) => {
		console.log('statusCode:', response.statusCode);
		console.log('headers:', response.headers);
		console.log(response);

		response.on('data', (d) => {
			console.log(d);
		});
	});

	r.on('error', (e) => {
		console.error(e);
	});
	r.end();

There’s something confusing on your description of the issue; the code you shared if for a token endpoint request associated with an Auth0 tenant. However, the error is about a connection error to 127.0.0.1 which would be your local machine.

In addition the error is about trying to connect to port 443 (the default for HTTPS); if you’re running HTTPS on port 5000 you should make sure that you don’t have any local request/link that omits that port as otherwise the default 443 would be used and likely trigger that error.

1 Like

Sorry about that, still a bit new to Node. I thought Auth0 was refusing my connection from localhost

No worries, technically some requests to Auth0 may fail depending on the origin from which the call originates, but that would mostly apply in client-side calls coming from web browsers were CORS would be in play like you also mentioned.

However, for calls coming from a backend (Node.js) it would be very unusual for the call to be blocked based on origin; in theory the IP address from your server could be blocked, but that would require really bad behavior like continuously exceeding rate limits so it would not be that common.