Issue with passport authentication (pkce flow), token url not reachable from nodered


I am using nodered in Docker with authentication enabled.
I am using an oidc passport package with pkce support (@techpass/passport-openidconnect - npm) to authenticate in nodered. Using this package nodered is able to connect to the authorization endpoint of an identity service, and after valid authorisation of the user, this service calls the callback url of nodered with information necessary to request an access token. The passport then tries to retrieve an access token from the token endpoint of the same identity service. but nodered never seems to succeed to post a request to this endpoint. I allways get the following result:
Failed to obtain access token: Error: connect ECONNREFUSED

at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1187:16) {

errno: -111,


syscall: 'connect',

address: '',

port: 433

and the second endpoint is never called.

Both endpoint (authorization and token) have the same domain e.g.

The service was hosted in nginx. Adding nodered to that nginx domain did not resolve the issue so I removed that. If I use a package like superagent to do the post request, I get the same error.

If I use the settings received in the nodered callback endpoint and the same identity service token endpoint as configured in nodered to do the post request in Postman, the token endpoint is reachable and the request succeeds.

I am particularly puzzled that the first call to the authorization endpoint allways succeeds and is reachable from nodered, but the second call to the token endpoint allways fails and that the token endpoint does not seem reachable even if the information received in the nodered callback url seems valid if used in Postman.Does anyone have a clue what could cause this behaviour?

When you are calling that endpoint from Postman, where are you doing it from? A desktop/laptop or from the node-red server device?

The error is showing that node-red is calling to localhost ( but the path from Postman is probably taking a different route? If so, I think that is the clue to what may be going wrong.