search

authorizerdev / authorizer

Your data, your control. Fully open source, authentication and authorization. No lock-ins. Deployment in Railway in 120 seconds || Spin a docker image as a micro-service in your infra. Built in login page and Admin panel out of the box.
https://authorizer.dev
MIT License
1.61k stars 163 forks source link

I got an error: error_description: "invalid issuer" #169

Closed peter-wd-1 closed 2 years ago

peter-wd-1 commented 2 years ago

https://github.com/authorizerdev/authorizer/blob/1f3dec6ea628bcf12e64ad1dbf0b34a610c0be68/server/token/jwt.go#L99

Hi, I'm using sub domain with https connection as a authorizer server and trying to redirect main domain after use click to magic link.

So, Authorizer server is deployed on admin.main.com and on the same server I have main.com. I've add redirectURL: 'main.com' from the react app AuthorizerProvider. 

 <AuthorizerProvider
          config={{
            authorizerURL: 'https://admin.main.com',
            redirectURL: 'https://main.com',
            clientID: '---',
          }}>

But I get a error 

{
"error": "invalid_token",
"error_description": "invalid issuer"
}

Would you be able to help with this issue?

peter-wd-1 commented 2 years ago

I just found that I've set http from authorizer env file. Let me try to update it to https and let you know

previous docker-compose file:

- AUTHORIZER_URL=http://admin.main.co
peter-wd-1 commented 2 years ago

I've fixed after i've setup full address of url 

- AUTHORIZER_URL=https://www.admin.main.co

Also this could related so let me write down here:

Seems like authorizer has its own state beside user data which make it hard to scale up. I'm using docker swarm to deploy(by making replica number above 2) and when I scale up authorizer, looks like some setting valuables are stored in server itself, not entirely in external db. so I had to change settings both on two reqlicas to change env valuable from dashboard

db I'm referring to here is what I've setup in env file. DATABASE_URL=mongodb://root:test123@db:27017/

Is there a any way to scale up authorizer server?

lakhansamani commented 2 years ago

@peter-wd-1 here is the implementation detail

  1. On server start persist the current env state in db configured via env var.
  2. On server start put the env state in-memory for faster access
  3. 1st scenario helps in configuring env state via dashboard. Though I don't allow updating database related env via dashboard else it will be chicken-egg-problem :-D

Though there is a problem where updating env via dashboard will also not update the env var cache on other replicas and might require a restart for it. Noted this issue and will work on it for upcoming releases 👍

lakhansamani commented 2 years ago

Created issue for same: https://github.com/authorizerdev/authorizer/issues/170

Closing this one as it states invalid_issuer issue

peter-wd-1 commented 2 years ago

That make it sense whole a lot more thanks for explaining to me :)