Invalid token error when trying to login node-red

Node-RED: v1.0.6
Node: v10.20.1
OS: Linux xxxxxxxx 3.10.0-514.10.2.el7.x86_64 #1 SMP Thu Mar 2 11:35:29 PST 2017 x86_64 x86_64 x86_64 GNU/Linux

It is worthwhile to note that I am using Docker and persisting node-red data in /data directory. i.e. The settings.js and other files are on the host (/data directory - which is mounted to node-red container /data).

Some background: We make use of Node-RED to create backend APIs for one of our web applications i.e. Node-RED is the backend for our Angular app.

I am able to set up auth using bcrypt and adminAuth setting in the settings.js file. I can login to Node-RED here. Now I want to push these changes to multiple other servers.

I do a docker commit for the image and push the data from the volume (/data) in the form of a tar and push it to a registry. This image is extracted by other hosts that sort out the volume using the entrypoint of the docker image.

Problem: While the login works for the host where I set it up, it does not work for the other servers where I pushed the node-red containers.

I get below error in trace:

10/07/2020 17:05:3510 Jul 11:35:35 - [audit] {"event":"auth.invalid-token","level":98,"timestamp":1594380935483}

10/07/2020 17:06:1110 Jul 11:36:11 - [audit] {"event":"","username":"admin","client":"node-red-editor","scope":"","level":98,"timestamp":1594380971194}

10/07/2020 17:10:0210 Jul 11:40:02 - [audit] {"event":"auth.invalid-token","level":98,"timestamp":1594381202139}

10/07/2020 17:19:4010 Jul 11:49:40 - [audit] {"event":"auth.login","username":"admin","client":"node-red-editor","scope":"*","level":98,"timestamp":1594381780401}

I do not get a 'Login failed' message. It just attempts to log in and then comes back to login screen.

UPDATE: I tried to change the auth from hardcoded value to custom authentication. It seems like a token issue. Here a the errors from my custom login:

11/07/2020 13:27:0611 Jul 07:57:06 - [audit] {"event":"auth.invalid-token","level":98,"timestamp":1594454226435}
11/07/2020 13:27:17Logged In // This is a custom message from my custom login
11/07/2020 13:27:1711 Jul 07:57:17 - [audit] {"event":"auth.login","username":"123456789","client":"node-red-editor","scope":"*","level":98,"timestamp":1594454237413}

I am guessing it has something to do with getting or storing tokens. Any help with this appreciated.

The UI does not display any error at the Login screen. It just appears to attempt to login and gets back to login screen.

I am also facing same kind of problem.Have you found any solution so far?

I did manage to identify the issue. In my case, we were pushing the images to multiple servers that were load balanced using HAProxy. So, when we attempt to login Node-RED, it autheticates, saves the session in a file on the filesystem, then does a get call to retrieve the session. Since we have it load balance in round-robin fashion, the get request goes to the next available server (where i cannot find the session). So in this case, one solution is to enable sticky sessions on HAProxy using cookies.

1 Like

thanks for the response . I will have to figure out my problem.It looks different with same error message.

Are you sure you’ve updated the right settings file? Are file system permissions for the node-red user correct? Does the .sessions.json file get updated when you attempt logging in?

=>Below id the index file of my NODE-RED Application

Please check if that helps.

@avinashchuahan pasting lots of screenshots of code does not help.

I can now see you are doing this on IBM Cloud - I've already responded to your other thread with some questions for you to answer.

To save me having to do a line-by-line comparison, have you modified this code at all from what the IBM Cloud Node-RED starter kits gives you to begin with?

I have not done any modification to this file.I tried restarting the node-red Application and saw the logs.
Everything looks fine.

It's like when I am giving the Login credential problem arises.

And have you set the NODE_RED_USERNAME and NODE_RED_PASSWORD environment variables, or are you using the credentials you provided to the setup screens you were shown when you first accessed the application?

I have not used environment variable.It's the same way I provided during setup.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.