Invalid IncomingMessage method when 'neonctl auth'

[frankievalentine]

Steps to reproduce

neonctl auth opens browser correctly, but upon hitting Authorize the command fails to redirect browser shows localhost IP http://127.0.0.1:54310/

Expected result

Authenticate and redirect successfully

Actual result

Not authenticated

Environment

Node 20.11.1 and Node 18.18.0 same result

Logs, links

/opt/homebrew/Cellar/neonctl/1.27.3/libexec/lib/node_modules/neonctl/node_modules/openid-client/lib/client.js:373
          throw new TypeError('invalid IncomingMessage method');
                ^

TypeError: invalid IncomingMessage method
    at Client.callbackParams (/opt/homebrew/Cellar/neonctl/1.27.3/libexec/lib/node_modules/neonctl/node_modules/openid-client/lib/client.js:373:17)
    at Server.<anonymous> (file:///opt/homebrew/Cellar/neonctl/1.27.3/libexec/lib/node_modules/neonctl/auth.js:69:44)
    at Server.emit (node:events:518:28)
    at parserOnIncoming (node:_http_server:1151:12)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:119:17)

Node.js v20.11.1
- 

[duskpoet]

Is this behavior constant for you? I can't seem to reproduce this

[frankievalentine]

Is this behavior constant for you? I can't seem to reproduce this

Yes the behavior is constant. Maybe I am missing something because it's trying to connect to my localhost? Am I supposed to be actively connected to a newly created db in Neon before trying to authenticate?

[duskpoet]

No, only an account on Neon is required to use neonctl auth.
Localhost is expected, the flow is following:
neonctl auth -> cli starts a local server and opens request to the Neon auth provider in the browser, with redirect URL set to the local server URL -> you press "OK, auth" -> Neon auth provider redirects to the provided URL - 127.0.0.1: with query params containing necessary tokens -> cli gets tokens through this redirect, saves them and finishes the process

I see that error happens in the "OpenID" client and you do seem to have the latest cli version... I am a bit out of guesses. Maybe you could record a video and that will hopefully shine some light?

[johnowennixon]

I also am getting this error - but only on my second laptop. It worked fine on my almost identically configured main laptop. Both laptops are running Linux and have Chrome as the default browser - with a synchronised profile.

I had installed the latest version of neonctl and openid-client. But I tried earlier versions of both and got the same error.

Having added a console.log(input.method) in client.js, the invalid method is OPTIONS, which clearly is not a GET or PUT. I suspect the OPTIONS request is coming from my browser in a CORS pre-flight request. Why this has started happening on this browser, I have no idea.

I got the auth to work by temporarily switching from Chrome to Firefox as the default browser.

[duskpoet]

Quick googling didn't give any results. Maybe you can provide more details?

[shin-hama]

I faced the same problem.

$ neonctl auth
/usr/local/Cellar/neonctl/1.27.5/libexec/lib/node_modules/neonctl/node_modules/openid-client/lib/client.js:373
          throw new TypeError('invalid IncomingMessage method');
                ^

TypeError: invalid IncomingMessage method
    at Client.callbackParams (/usr/local/Cellar/neonctl/1.27.5/libexec/lib/node_modules/neonctl/node_modules/openid-client/lib/client.js:373:17)
    at Server.<anonymous> (file:///usr/local/Cellar/neonctl/1.27.5/libexec/lib/node_modules/neonctl/auth.js:69:44)
    at Server.emit (node:events:511:28)
    at parserOnIncoming (node:_http_server:1121:12)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:119:17)

Node.js v20.3.0

Changing my browser from chrome to safari worked around the problem.

[duskpoet]

🎉 This issue has been resolved in version 1.27.6 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[duskpoet]

Hey! I did an honest attempt :D
Can you please validate if it helped?

[frankievalentine]

Fixed. Thank you @duskpoet. Curious, what was the issue?

[duskpoet]

Some browsers went for OPTIONS request in front of normal GET request and such request was passed to the openid library, which was not tolerated and caused an error.
I've added some code to properly process an OPTIONS request with CORS headers in response