Invalid client: not found << again!

Hello all

I’m using 2022.3.4 and I’m getting an invalid client: not found error regularly,
especially when I open another tab!

Is there something messed up? Or changed?

Does it always show up for the user in question or just sometimes? If it’s constant, it might be some RBAC issue on your or our end. Try to give the user receiving the error a super admin role to see if it really is RBAC.

@tjerman the user is already a super admin

And it happened to multiple users: if we open a tab, the issue occurs,
so if we want to work in several windows at the same time we open another browser!!

1 Like

Do you have multiple auth clients configured? Can you note down any configurations you have set up that you’d find relevant here?
This sounds like a strange one; I always work with a lot of tabs, and it works just fine. Have you moved servers/migrated the database/changed the domain recently?

@tjerman yes, I played with the deployment recently!!
Also, I changed the domains … I’m not sure why that is a problem?

Perhaps worth validating if your .env variables are set correctly along with inspecting the auth_clients table records. A while back, I forked one of the staging instances to my local container, and I was getting the same error until I fixed up both of those (the .env and the auth client DB record).

Try the above while we investigate. We’re a bit pressed on developer time, so any help with additional findings would be awesome!

1 Like

hey @tjerman, we just did a re-deploy and it seems fine

Maybe it has something to do with our previous deployment!

1 Like

Re-deploy with the old database or completely new?

The old one!

As I said, I think it was related to our deployment since we changed a lot of things in terms of DNS.

What are some possible fixes for this?

I didn’t make any database or infrastructure changes. I’ve only been modifying workflows and templates. Suddenly, I’m getting this error.

I’ve cleared the cache and restarted the server, to no avail.

I also double checked and can see that client 304628406501244932 does exist. It’s the corteza-webapp client.

Any help would be appreciated since I’m locked out!

Here are the relevant logs:

{
  "level": "info",
  "ts": 1679403352.9276521,
  "logger": "http.rest",
  "msg": "HTTP request GET /api/system/locale/en-US+en/corteza-webapp-one",
  "requestID": "7e6abac33b49/W8kDtvWJYL-000018",
  "method": "GET",
  "path": "/api/system/locale/en-US+en/corteza-webapp-one",
  "size": 0,
  "remote": "185.175.34.211"
}
{
  "level": "info",
  "ts": 1679403352.9277575,
  "logger": "http.rest",
  "msg": "HTTP request GET /auth/oauth2/default-client",
  "requestID": "7e6abac33b49/W8kDtvWJYL-000019",
  "method": "GET",
  "path": "/auth/oauth2/default-client",
  "size": 0,
  "remote": "185.175.34.211"
}
{
  "level": "info",
  "ts": 1679403352.9277925,
  "logger": "http.rest",
  "msg": "HTTP response GET /api/system/locale/en-US+en/corteza-webapp-one",
  "requestID": "7e6abac33b49/W8kDtvWJYL-000018",
  "method": "GET",
  "path": "/api/system/locale/en-US+en/corteza-webapp-one",
  "status": 200,
  "size": 2636,
  "duration": 0.000100493
}
{
  "level": "debug",
  "ts": 1679403352.9279337,
  "logger": "auth",
  "msg": "handling request",
  "url": "/auth/oauth2/default-client?redirect_uri=https://CENSORED_DOMAIN/auth/callback&scope=profile%20api&state=xhit07pmr5",
  "method": "GET"
}
{
  "level": "info",
  "ts": 1679403352.9279888,
  "logger": "http.rest",
  "msg": "HTTP response GET /auth/oauth2/default-client",
  "requestID": "7e6abac33b49/W8kDtvWJYL-000019",
  "method": "GET",
  "path": "/auth/oauth2/default-client",
  "status": 303,
  "size": 238,
  "duration": 0.000208489
}
{
  "level": "info",
  "ts": 1679403353.9307299,
  "logger": "http.rest",
  "msg": "HTTP request GET /auth/oauth2/authorize",
  "requestID": "7e6abac33b49/W8kDtvWJYL-000021",
  "method": "GET",
  "path": "/auth/oauth2/authorize",
  "size": 0,
  "remote": "185.175.34.211"
}
{
  "level": "debug",
  "ts": 1679403353.9309216,
  "logger": "auth",
  "msg": "handling request",
  "url": "/auth/oauth2/authorize?client_id=304628406501244932&redirect_uri=https%3A%2F%2FCENSORED_DOMAIN%2Fauth%2Fcallback&response_mode=query&response_type=code&scope=profile+api&state=xhit07pmr5",
  "method": "GET"
}
{
  "level": "debug",
  "ts": 1679403353.9309525,
  "logger": "auth",
  "msg": "starting new oauth2 authorization flow",
  "params": {
    "client_id": [
      "304628406501244932"
    ],
    "redirect_uri": [
      "https://CENSORED_DOMAIN/auth/callback"
    ],
    "response_mode": [
      "query"
    ],
    "response_type": [
      "code"
    ],
    "scope": [
      "profile api"
    ],
    "state": [
      "xhit07pmr5"
    ]
  }
}
{
  "level": "error",
  "ts": 1679403353.9319928,
  "logger": "auth",
  "msg": "error in handler",
  "error": "invalid client: not found"
}
{
  "level": "debug",
  "ts": 1679403353.932792,
  "logger": "auth",
  "msg": "template executed",
  "name": "error-internal.html.tpl"
}
{
  "level": "info",
  "ts": 1679403353.9328163,
  "logger": "http.rest",
  "msg": "HTTP response GET /auth/oauth2/authorize",
  "requestID": "7e6abac33b49/W8kDtvWJYL-000021",
  "method": "GET",
  "path": "/auth/oauth2/authorize",
  "status": 500,
  "size": 2502,
  "duration": 0.00203929
}
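Added example, not part of the original posts or of Corteza's code: the error entry in the log above carries neither a client_id nor a requestID, so this sketch pairs it with the authorization-flow entry logged just before it to recover which client and redirect URI failed. `iter_entries`, `failed_client_lookups` and `max_gap` are hypothetical names, and the sample is abridged from the posted entries.

```python
import json

# Constructed sample: abridged from the log entries posted above.
SAMPLE_LOG = """
{"level": "info", "ts": 1679403353.9307299, "logger": "http.rest",
 "msg": "HTTP request GET /auth/oauth2/authorize"}
{"level": "debug", "ts": 1679403353.9309525, "logger": "auth",
 "msg": "starting new oauth2 authorization flow",
 "params": {"client_id": ["304628406501244932"],
            "redirect_uri": ["https://CENSORED_DOMAIN/auth/callback"]}}
{"level": "error", "ts": 1679403353.9319928, "logger": "auth",
 "msg": "error in handler", "error": "invalid client: not found"}
"""

def iter_entries(text):
    """Yield each object from a stream of concatenated JSON log entries."""
    decoder, pos = json.JSONDecoder(), 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1  # raw_decode() does not skip leading whitespace
        if pos >= len(text):
            return
        entry, pos = decoder.raw_decode(text, pos)
        yield entry

def failed_client_lookups(text, max_gap=1.0):
    """Pair each 'invalid client' error with the flow logged just before it."""
    last_flow, findings = None, []
    for entry in iter_entries(text):
        if entry.get("logger") != "auth":
            continue
        if entry.get("msg") == "starting new oauth2 authorization flow":
            last_flow = entry
        elif entry.get("level") == "error" and "invalid client" in entry.get("error", ""):
            # Heuristic: "auth" entries carry no requestID, so match on order and time.
            matched = last_flow is not None and entry["ts"] - last_flow["ts"] <= max_gap
            params = last_flow.get("params", {}) if matched else {}
            findings.append({
                "ts": entry["ts"],
                "error": entry["error"],
                "client_id": (params.get("client_id") or [None])[0],
                "redirect_uri": (params.get("redirect_uri") or [None])[0],
            })
            last_flow = None
    return findings

if __name__ == "__main__":
    for finding in failed_client_lookups(SAMPLE_LOG):
        print(finding)
```

On a busy server, entries from concurrent requests interleave, so treat the pairing as a lead to confirm against the matching auth_clients row and the configured domain rather than as proof.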

For future readers, the fix was to add a new handle with admin access called admin. Maybe I had deleted it at some point? I’m not sure, but the trick below fixed it.

INSERT INTO public.auth_clients (id, handle, meta, secret, scope, valid_grant, redirect_uri, enabled, trusted, valid_from, expires_at, security, owned_by, created_at, updated_at, deleted_at, created_by, updated_by, deleted_by) VALUES (304628406501999991, 'admin', '{"name": "Corteza Web Applications (added as a corteza bug workaround)", "description": ""}', 'your super long secret, something like 24YR7YR8ALY37873SN8QR98L4NXWN6NLL739DR7P2B2Z26FY35942NLT74RZFKCMG7CR2285YZA4FJ38BY887E6TYW34K48SM762', 'profile api', 'authorization_code', '', true, true, null, null, '{}', 0, '2022-10-03 12:51:20.000000 +00:00', '2023-05-24 06:56:57.000000 +00:00', null, 0, 0, 0);

What do you mean by “admin access”?
Did your db not have any auth clients to start with?

I must have made a mistake when I wrote “admin access”, because looking at it again, I don’t see what I meant by th

I have no clue! I didn’t check that table before this issue came up.