Flowise icon indicating copy to clipboard operation
Flowise copied to clipboard
Published 2 weeks ago verified publisher icon FlowiseAI

Changing login password causes next login to be 403

Open howardtokka opened this issue 2 months ago • 3 comments

Describe the bug

Currently with version 3.0.8 with queue setup (one main two workers) with postgres and redis.

Updated the admin password with the default UI, but cannot login again after.

To Reproduce

Was trying to update the current admin password with the Update Profile page.

Update is successfully, but in the next login, it passes the login page but keep showing 403 with the request https://dev-fw-afd.annai.chat/api/v1/chatflows?type=CHATFLOW&page=1&limit=12 in the homepage.

Then tried to reset user password directly with npx flowise user "[email protected]" "somePassword"

Still no prevail.

Expected behavior

Being able to login with the new password

Screenshots

No response

Flow

No response

Use Method

npx flowise start

Flowise Version

3.0.8

Operating System

Linux

Browser

None

Additional context

keeps sending me to /unauthorized path

Image

howardtokka avatar Nov 07 '25 09:11 howardtokka

works fine, tested on postgres and redis running queue mode locally:

https://github.com/user-attachments/assets/43e13ff8-0da2-4652-86dc-a46565a700ca

HenryHengZJ avatar Nov 07 '25 13:11 HenryHengZJ

@HenryHengZJ Thanks turned out 3.0.10 was deployed as latest to our instance (PR #5228):

  • Enforces activeWorkspaceId validation on ALL API endpoints
  • Requires plain JWT claims: organizationId, workspaceId, roleId, permissions ⁠ ⁠Our JWT tokens use encrypted "meta" field instead of plain claims ⁠ ⁠Flowise 3.0.10 couldn't read encrypted "meta" field → returned 403 Forbidden

howardtokka avatar Nov 07 '25 14:11 howardtokka

can you elaborate more on the encrypted "meta" field ? how can we replicate? are you able to find a fix?

HenryHengZJ avatar Nov 13 '25 00:11 HenryHengZJ