Unable to authenticate (okta) a post request to a route from within a route getting a 401 Unauthorized response. GET Request works

Unable to authenticate (okta) a post request to a route from within a route getting a 401 Unauthorized response. GET Request works


I have a Node.js app using Express, with @okta/okta-sdk-nodejs and @okta/oidc-middleware handling authentication.

I have a number of routes that work fine and are authorised as expected. The following flow generates a 401 status code and I am struggling to work out why.

If I hit the route http://localhost:3000/b/f-e-info I get a response from an external API; this works. I then want to send this response to another route, /es/ingest/b/ts, to get it ingested. I do this via a function, callEs('/es/ingest/b/ts', t.symbols), that uses axios: it accepts a URL and the response data as parameters and posts the data to the es route router.post('/ingest/b/ts', esParsersController.createTsDocs);. The route uses the createTsDocs function as a callback, which just takes care of ingesting the data into a database.

The error in the nodejs console:

POST /es/ingest/b/t 401 0.520 ms - 12 Error: Request failed with status code 401 at createError (login-portal/node_modules/axios/lib/core/createError.js:16:15) at settle (login-portal/node_modules/axios/lib/core/settle.js:17:12) at IncomingMessage.handleStreamEnd (login-portal/node_modules/axios/lib/adapters/http.js:260:11) at IncomingMessage.emit (events.js:326:22) at endReadableNT (_stream_readable.js:1252:12) at processTicksAndRejections (internal/process/task_queues.js:80:21) { config: { url: '/es/ingest/b/ts', method: 'post', data: '{"data":[{..},{...},{...}]}', headers: { Accept: 'application/json, text/plain, */*', 'Content-Type': 'application/json;charset=utf-8', 'User-Agent': 'axios/0.21.1', 'Content-Length': 113195 }, baseURL: 'http://localhost:3000', transformRequest: [ [Function: transformRequest] ], transformResponse: [ [Function: transformResponse] ], timeout: 3000, adapter: [Function: httpAdapter], xsrfCookieName: 'XSRF-TOKEN', xsrfHeaderName: 'X-XSRF-TOKEN', maxContentLength: -1, maxBodyLength: -1, validateStatus: [Function: validateStatus] }, request: <ref *1> ClientRequest { _events: [Object: null prototype] { socket: [Function (anonymous)], abort: [Function (anonymous)], aborted: [Function (anonymous)], connect: [Function (anonymous)], error: [Function (anonymous)], timeout: [Function (anonymous)], prefinish: [Function: requestOnPrefinish] }, _eventsCount: 7, _maxListeners: undefined, outputData: [], outputSize: 0, writable: true, destroyed: false, _last: true, chunkedEncoding: false, shouldKeepAlive: false, _defaultKeepAlive: true, useChunkedEncodingByDefault: true, sendDate: false, _removedConnection: false, _removedContLen: false, _removedTE: false, _contentLength: null, _hasBody: true, _trailer: '', finished: true, _headerSent: true, socket: Socket { connecting: false, _hadError: false, _parent: null, _host: 'localhost', _readableState: [ReadableState], _events: [Object: null prototype], _eventsCount: 7, _maxListeners: undefined, 
_writableState: [WritableState], allowHalfOpen: false, _sockname: null, _pendingData: null, _pendingEncoding: '', server: null, _server: null, parser: null, _httpMessage: [Circular *1], [Symbol(async_id_symbol)]: 744, [Symbol(kHandle)]: [TCP], [Symbol(kSetNoDelay)]: false, [Symbol(lastWriteQueueSize)]: 0, [Symbol(timeout)]: null, [Symbol(kBuffer)]: null, [Symbol(kBufferCb)]: null, [Symbol(kBufferGen)]: null, [Symbol(kCapture)]: false, [Symbol(kBytesRead)]: 0, [Symbol(kBytesWritten)]: 0, [Symbol(RequestTimeout)]: undefined }, _header: 'POST /es/ingest/b/ts HTTP/1.1rn' + 'Accept: application/json, text/plain, */*rn' + 'Content-Type: application/json;charset=utf-8rn' + 'User-Agent: axios/0.21.1rn' + 'Content-Length: 113195rn' + 'Host: localhost:3000rn' + 'Connection: closern' + 'rn', _keepAliveTimeout: 0, _onPendingData: [Function: noopPendingOutput], agent: Agent { _events: [Object: null prototype], _eventsCount: 2, _maxListeners: undefined, defaultPort: 80, protocol: 'http:', options: [Object], requests: {}, sockets: [Object], freeSockets: {}, keepAliveMsecs: 1000, keepAlive: false, maxSockets: Infinity, maxFreeSockets: 256, scheduling: 'fifo', maxTotalSockets: Infinity, totalSocketCount: 1, [Symbol(kCapture)]: false }, socketPath: undefined, method: 'POST', maxHeaderSize: undefined, insecureHTTPParser: undefined, path: '/es/ingest/b/ts', _ended: true, res: IncomingMessage { _readableState: [ReadableState], _events: [Object: null prototype], _eventsCount: 3, _maxListeners: undefined, socket: [Socket], httpVersionMajor: 1, httpVersionMinor: 1, httpVersion: '1.1', complete: true, headers: [Object], rawHeaders: [Array], trailers: {}, rawTrailers: [], aborted: false, upgrade: false, url: '', method: null, statusCode: 401, statusMessage: 'Unauthorized', client: [Socket], _consuming: true, _dumped: false, req: [Circular *1], responseUrl: 'http://localhost:3000/es/ingest/b/ts', redirects: [], [Symbol(kCapture)]: false, [Symbol(RequestTimeout)]: undefined }, aborted: false, 
timeoutCb: null, upgradeOrConnect: false, parser: null, maxHeadersCount: null, reusedSocket: false, host: 'localhost', protocol: 'http:', _redirectable: Writable { _writableState: [WritableState], _events: [Object: null prototype], _eventsCount: 2, _maxListeners: undefined, _options: [Object], _ended: true, _ending: true, _redirectCount: 0, _redirects: [], _requestBodyLength: 113195, _requestBodyBuffers: [], _onNativeResponse: [Function (anonymous)], _currentRequest: [Circular *1], _currentUrl: 'http://localhost:3000/es/ingest/b/ts', _timeout: Timeout { _idleTimeout: -1, _idlePrev: null, _idleNext: null, _idleStart: 2235827, _onTimeout: null, _timerArgs: undefined, _repeat: null, _destroyed: true, [Symbol(refed)]: true, [Symbol(kHasPrimitive)]: false, [Symbol(asyncId)]: 750, [Symbol(triggerId)]: 746 }, [Symbol(kCapture)]: false }, [Symbol(kCapture)]: false, [Symbol(kNeedDrain)]: false, [Symbol(corked)]: 0, [Symbol(kOutHeaders)]: [Object: null prototype] { accept: [Array], 'content-type': [Array], 'user-agent': [Array], 'content-length': [Array], host: [Array] } }, response: { status: 401, statusText: 'Unauthorized', headers: { 'x-powered-by': 'Express', 'content-type': 'text/plain; charset=utf-8', 'content-length': '12', etag: 'W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"', 'set-cookie': [Array], date: 'Wed, 17 Mar 2021 09:32:20 GMT', connection: 'close' }, config: { url: '/es/ingest/b/t', method: 'post', data: '{"data":[{...},{...},{...}]}', headers: [Object], baseURL: 'http://localhost:3000', transformRequest: [Array], transformResponse: [Array], timeout: 3000, adapter: [Function: httpAdapter], xsrfCookieName: 'XSRF-TOKEN', xsrfHeaderName: 'X-XSRF-TOKEN', maxContentLength: -1, maxBodyLength: -1, validateStatus: [Function: validateStatus] }, request: <ref *1> ClientRequest { _events: [Object: null prototype], _eventsCount: 7, _maxListeners: undefined, outputData: [], outputSize: 0, writable: true, destroyed: false, _last: true, chunkedEncoding: false, shouldKeepAlive: false, 
_defaultKeepAlive: true, useChunkedEncodingByDefault: true, sendDate: false, _removedConnection: false, _removedContLen: false, _removedTE: false, _contentLength: null, _hasBody: true, _trailer: '', finished: true, _headerSent: true, socket: [Socket], _header: 'POST /es/ingest/b/ts HTTP/1.1rn' + 'Accept: application/json, text/plain, */*rn' + 'Content-Type: application/json;charset=utf-8rn' + 'User-Agent: axios/0.21.1rn' + 'Content-Length: 113195rn' + 'Host: localhost:3000rn' + 'Connection: closern' + 'rn', _keepAliveTimeout: 0, _onPendingData: [Function: noopPendingOutput], agent: [Agent], socketPath: undefined, method: 'POST', maxHeaderSize: undefined, insecureHTTPParser: undefined, path: '/es/ingest/b/ts', _ended: true, res: [IncomingMessage], aborted: false, timeoutCb: null, upgradeOrConnect: false, parser: null, maxHeadersCount: null, reusedSocket: false, host: 'localhost', protocol: 'http:', _redirectable: [Writable], [Symbol(kCapture)]: false, [Symbol(kNeedDrain)]: false, [Symbol(corked)]: 0, [Symbol(kOutHeaders)]: [Object: null prototype] }, data: 'Unauthorized' }, isAxiosError: true, toJSON: [Function: toJSON] } If I just hit a GET Route in the es file It is authenticated as expected. 

app.js

// app.js: module loading and request-body parsing for the Express app.

// Modules are loaded in the same order as before.
const createError = require('http-errors');
const express = require('express');
const path = require('path');

// Session and Okta pieces are only imported in this part of the file; their
// configuration is not visible here.
// NOTE(review): @okta/oidc-middleware ties a login to the express-session
// cookie. The failing POST on this page is sent by axios from the server
// itself, and its dumped request headers carry no Cookie or Authorization
// header, so a route behind the OIDC guard will presumably answer 401.
// Confirm how the /es router is mounted. Calling the ingest controller
// in-process avoids the loopback request; do not loosen the guard on the
// route to make the call pass.
const session = require('express-session');
const okta = require('@okta/okta-sdk-nodejs');
const { ExpressOIDC } = require('@okta/oidc-middleware');
const keys = require('./config/keys');
const bodyParser = require('body-parser');

const app = express();

// NOTE(review): 15360mb allows a single JSON request of roughly 15 GiB.
// body-parser buffers the whole body in memory before parsing, and these
// parsers are registered ahead of any authentication middleware visible in
// this part of the file, so the limit applies to every client that can
// reach the port. The POST in the error dump is 113195 bytes; size the
// limits to the real payload.
const jsonBodyOptions = { limit: '15360mb', type: 'application/json' };
const formBodyOptions = { limit: '100mb', extended: true };

app.use(bodyParser.json(jsonBodyOptions));
app.use(bodyParser.urlencoded(formBodyOptions));

// Route modules
const dashboardRouter = require('./routes/dashboard');
const usersRouter = require('./routes/users');