Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: "Your requested role is not in allowed roles" #536

Open
mmmoli opened this issue Jun 28, 2024 · 6 comments
Open

Error: "Your requested role is not in allowed roles" #536

mmmoli opened this issue Jun 28, 2024 · 6 comments
Assignees
@dbarrosop

Comments

@mmmoli
Copy link

mmmoli commented Jun 28, 2024

After upgrading from Auth version 0.21.2 to 0.32.1, I'm locked out of huge parts of my app. Anonymous users also loose access.

Original post: https://discord.com/channels/552499021260914688/1256230901059293226

I can confirm: reverting to 0.21.2 solves the issue.

Important Updates

  • It's nothing to do with whether or not a user is registered via the nhost dashboard.
  • Normal behaviour is to NOT add an entry in the auth.user_roles table for every user with role user
@dbarrosop dbarrosop self-assigned this Jun 28, 2024
@mmmoli
Copy link
Author

mmmoli commented Jun 28, 2024

I can neither confirm or deny that 0.27.0 works as I can't register users.

Relevant log in docker:

2024-06-28 14:32:16 {"time":"2024-06-28T13:32:16.017060178Z","level":"ERROR","msg":"call completed with errors","trace":{"trace_id":"26005cf2-d696-46e3-80f6-726b6cceaf17","span_id":"","parent_span_id":""},"request":{"status_code":500,"latency_time":103376542,"client_ip":"192.168.65.1","method":"POST","url":"/v1/signup/email-password","errors":["error inserting user: ERROR: permission denied for table event_log (SQLSTATE 42501)"]}}

other config:

[hasura]
version = 'v2.38.0-ce'

[functions]
[functions.node]
version = 18

[auth]
version = '0.27.0'

[postgres]
version = '14.11-20240515-1'

[storage]
version = '0.6.0'

@mmmoli
Copy link
Author

mmmoli commented Jun 28, 2024

0.26.0 is 🟢

@mmmoli
Copy link
Author

mmmoli commented Jul 1, 2024

More investigation today.

I managed to get this configuration working:

[postgres]
version = '14.11-20240515-1'
[storage]
version = '0.6.0'
[hasura]
version = 'v2.38.0-ce'
[auth]
version = '0.21.2'

Upgrading to
[auth] version = '0.32.0' triggers Your requested role is not in allowed roles

@dbarrosop
Copy link
Member

this error you shared:

2024-06-28 14:32:16 {"time":"2024-06-28T13:32:16.017060178Z","level":"ERROR","msg":"call completed with errors","trace":{"trace_id":"26005cf2-d696-46e3-80f6-726b6cceaf17","span_id":"","parent_span_id":""},"request":{"status_code":500,"latency_time":103376542,"client_ip":"192.168.65.1","method":"POST","url":"/v1/signup/email-password","errors":["error inserting user: ERROR: permission denied for table event_log (SQLSTATE 42501)"]}}

that's a different one that you can fix by running the following SQL:

GRANT USAGE ON SCHEMA hdb_catalog TO nhost_auth_admin;
GRANT CREATE ON SCHEMA hdb_catalog TO nhost_auth_admin;
GRANT ALL ON ALL TABLES IN SCHEMA hdb_catalog TO nhost_auth_admin;
GRANT ALL ON ALL SEQUENCES IN SCHEMA hdb_catalog TO nhost_auth_admin;
GRANT ALL ON ALL FUNCTIONS IN SCHEMA hdb_catalog TO nhost_auth_admin;

Latest postgres image (which you are using based on the info above) should have these permissions, not sure why you are missing them. In any case, this is a one-time fix, run the SQL above and that error should be gone.

I am still trying to reproduce the error "Your requested role is not in allowed roles" but failing to do so. A few questions:

  1. How was the user created? Do you know the approximate request? Was it a regular signup/email-password? Deanonymazation? Some other mechanism? Any extra options being passed?
  2. Which auth version was it used?
  3. Which version is triggering the error? I am assuming 0.32.1
  4. What is the signin request you are making? Any extra options being passed?

@hrmoller
Copy link

hrmoller commented Aug 13, 2024
edited
Loading

I am seeing the above mentioned error (Your requested role is not in allowed role) fairly often on auth 0.32.1.

It typically happens immediately after I sign in and after a few refreshes (CMD+R) of the page it is working as expected.

Just to give my input on your questions above, @dbarrosop:

  1. My user was created using the Nhost Dashboard
  2. Good question but likely a version prior to 0.32.1, my best guess is 0.32.0 but I am not 100% on that.
  3. Currently happening on 0.32.1
  4. Signing in with email/password. using await nhost.auth.signIn({ email, password });.

A couple of observations:

  • I have not been able to trigger this error on any version of my application that have been deployed to Vercel, I am only seeing the error occuring when on my localhost connecting to my Nhost env running locally.
  • When logging the response from nhost.auth.signIn I've observed that the roles-field is empty ([]) and the same is the identical field in the output from useUserData for the first couple of refreshes and then at some point it becomes populated with the roles as expected and the calls to the API also works as expected.

@dbarrosop
Copy link
Member

Thanks, that's very useful info. I will see if I can replicate with the info you provided.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dbarrosop dbarrosop

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mmmoli @hrmoller @dbarrosop