nhost / hasura-auth

Authentication for Hasura.
https://nhost.io
MIT License

Error: "Your requested role is not in allowed roles" #536

Open mmmoli opened 1 week ago

mmmoli commented 1 week ago

After upgrading from Auth version 0.21.2 to 0.32.1, I'm locked out of huge parts of my app. Anonymous users also lose access.

Original post: https://discord.com/channels/552499021260914688/1256230901059293226

I can confirm: reverting to 0.21.2 solves the issue.

Important Updates

mmmoli commented 1 week ago

I can neither confirm nor deny that 0.27.0 works as I can't register users.

Relevant log in docker:

2024-06-28 14:32:16 {"time":"2024-06-28T13:32:16.017060178Z","level":"ERROR","msg":"call completed with errors","trace":{"trace_id":"26005cf2-d696-46e3-80f6-726b6cceaf17","span_id":"","parent_span_id":""},"request":{"status_code":500,"latency_time":103376542,"client_ip":"192.168.65.1","method":"POST","url":"/v1/signup/email-password","errors":["error inserting user: ERROR: permission denied for table event_log (SQLSTATE 42501)"]}}

other config:

[hasura]
version = 'v2.38.0-ce'

[functions]
[functions.node]
version = 18

[auth]
version = '0.27.0'

[postgres]
version = '14.11-20240515-1'

[storage]
version = '0.6.0'

mmmoli commented 1 week ago

0.26.0 is 🟢

mmmoli commented 6 days ago

More investigation today.

I managed to get this configuration working:

[postgres]
version = '14.11-20240515-1'
[storage]
version = '0.6.0'
[hasura]
version = 'v2.38.0-ce'
[auth]
version = '0.21.2'

Upgrading to [auth] version = '0.32.0' triggers "Your requested role is not in allowed roles"

dbarrosop commented 5 days ago

this error you shared:

2024-06-28 14:32:16 {"time":"2024-06-28T13:32:16.017060178Z","level":"ERROR","msg":"call completed with errors","trace":{"trace_id":"26005cf2-d696-46e3-80f6-726b6cceaf17","span_id":"","parent_span_id":""},"request":{"status_code":500,"latency_time":103376542,"client_ip":"192.168.65.1","method":"POST","url":"/v1/signup/email-password","errors":["error inserting user: ERROR: permission denied for table event_log (SQLSTATE 42501)"]}}

that's a different one that you can fix by running the following SQL:

GRANT USAGE ON SCHEMA hdb_catalog TO nhost_auth_admin;
GRANT CREATE ON SCHEMA hdb_catalog TO nhost_auth_admin;
GRANT ALL ON ALL TABLES IN SCHEMA hdb_catalog TO nhost_auth_admin;
GRANT ALL ON ALL SEQUENCES IN SCHEMA hdb_catalog TO nhost_auth_admin;
GRANT ALL ON ALL FUNCTIONS IN SCHEMA hdb_catalog TO nhost_auth_admin;

Latest postgres image (which you are using based on the info above) should have these permissions, not sure why you are missing them. In any case, this is a one-time fix, run the SQL above and that error should be gone.

I am still trying to reproduce the error "Your requested role is not in allowed roles" but failing to do so. A few questions:

  1. How was the user created? Do you know the approximate request? Was it a regular signup/email-password? Deanonymization? Some other mechanism? Any extra options being passed?
  2. Which auth version was used?
  3. Which version is triggering the error? I am assuming 0.32.1
  4. What is the signin request you are making? Any extra options being passed?
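
A read-only check to run before and after the GRANT statements in the comment above, added here as an example and not part of the thread or the nhost project's own code: it reports whether nhost_auth_admin holds the schema privileges and lists the hdb_catalog tables and sequences where a privilege is still missing. It assumes a PostgreSQL session that can read the system catalogs and that the role nhost_auth_admin and the schema hdb_catalog exist (the privilege functions raise an error otherwise).

```sql
-- Added diagnostic, not from the thread. Role, schema and table names are
-- the ones quoted in the thread; nothing here modifies the database.

-- 1. Schema-level privileges targeted by the GRANT ... ON SCHEMA statements.
SELECT has_schema_privilege('nhost_auth_admin', 'hdb_catalog', 'USAGE')  AS schema_usage,
       has_schema_privilege('nhost_auth_admin', 'hdb_catalog', 'CREATE') AS schema_create;

-- 2. Tables in hdb_catalog where the role lacks at least one DML privilege.
--    An empty result means the table grants took effect. Each privilege is
--    tested separately because a comma-separated list means "any of these".
SELECT c.relname                                                 AS table_name,
       pg_get_userbyid(c.relowner)                               AS table_owner,
       has_table_privilege('nhost_auth_admin', c.oid, 'SELECT')  AS can_select,
       has_table_privilege('nhost_auth_admin', c.oid, 'INSERT')  AS can_insert,
       has_table_privilege('nhost_auth_admin', c.oid, 'UPDATE')  AS can_update,
       has_table_privilege('nhost_auth_admin', c.oid, 'DELETE')  AS can_delete
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'hdb_catalog'
  AND c.relkind IN ('r', 'p')            -- ordinary and partitioned tables
  AND NOT (has_table_privilege('nhost_auth_admin', c.oid, 'SELECT')
       AND has_table_privilege('nhost_auth_admin', c.oid, 'INSERT')
       AND has_table_privilege('nhost_auth_admin', c.oid, 'UPDATE')
       AND has_table_privilege('nhost_auth_admin', c.oid, 'DELETE'))
ORDER BY c.relname;

-- 3. Sequences in hdb_catalog the role cannot use.
SELECT c.relname AS sequence_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'hdb_catalog'
  AND c.relkind = 'S'
  AND NOT has_sequence_privilege('nhost_auth_admin', c.oid, 'USAGE')
ORDER BY c.relname;

-- 4. Explicit grants recorded for the table named in the error message.
SELECT grantor, grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_schema = 'hdb_catalog'
  AND table_name   = 'event_log'
ORDER BY grantee, privilege_type;
```

GRANT ... ON ALL TABLES IN SCHEMA applies only to tables that exist when it runs, so repeating query 2 after an upgrade that adds tables to hdb_catalog shows whether the same error can come back.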