Expected behavior

Authentication to work across clustered apps

Actual behavior

The /authentication/callback endpoint fails with a 403

Context

NodeJS runs only on a single core, and it is possible for performance reasons to use nodejs clusters to fork your web server to use all cores. These cores do not share memory, which is not usually a problem so long as express endpoints do not rely on local shared memory, typically these things are pushed into a REDIS or other mem store.

However, in forest-express there is the use of a local cache in forest-express/src/services/oidc-client-manager.js. As far as I can tell, this is causing my clustered forest install to fail on authentication, since there is no guarantee the callback request goes to the same worker process.

No idea how to fix this without explicitly running on a single core.

Kind of curious why not just set that intialization on a more global initialization instead of first authentication hit, since the resulting "cache" is always the same.

It has been fixed for a while now. Before you needed to manually set the CLIENT_ID used to handle multi-instance authentication. It's not needed anymore.