no pg_hba.conf entry for host

[arnaudjnn]

When I use a basic postgres url from Heroku free plan (without SSL) to the starter app I have the following error:

[next-auth][error][adapter_connection_error] error: no pg_hba.conf entry for host "XXXXXX", user "ephxczonkjdkzj", database "d1v6gumgmkk6mc", SSL off
    at Parser.parseErrorMessage (/Users/arnaudjeannin/Documents/wyno/node_modules/pg-protocol/dist/parser.js:278:15)
    at Parser.handlePacket (/Users/arnaudjeannin/Documents/wyno/node_modules/pg-protocol/dist/parser.js:126:29)
    at Parser.parse (/Users/arnaudjeannin/Documents/wyno/node_modules/pg-protocol/dist/parser.js:39:38)
    at Socket.<anonymous> (/Users/arnaudjeannin/Documents/wyno/node_modules/pg-protocol/dist/index.js:10:42)
    at Socket.emit (events.js:314:20)
    at addChunk (_stream_readable.js:307:12)
    at readableAddChunk (_stream_readable.js:282:9)
    at Socket.Readable.push (_stream_readable.js:221:10)
    at TCP.onStreamRead (internal/stream_base_commons.js:188:23) {
  length: 167,
  severity: 'FATAL',
  code: '28000',
  detail: undefined,
  hint: undefined,
  position: undefined,
  internalPosition: undefined,
  internalQuery: undefined,
  where: undefined,
  schema: undefined,
  table: undefined,
  column: undefined,
  dataType: undefined,
  constraint: undefined,
  file: 'auth.c',
  line: '520',
  routine: 'ClientAuthentication'
} 
https://next-auth.js.org/errors#adapter_connection_error
(node:42484) UnhandledPromiseRejectionWarning: TypeError: Cannot destructure property 'manager' of 'connection' as it is null.
    at Object.<anonymous> (/Users/arnaudjeannin/Documents/wyno/node_modules/next-auth/dist/adapters/typeorm/index.js:102:9)
    at Generator.next (<anonymous>)
    at asyncGeneratorStep (/Users/arnaudjeannin/Documents/wyno/node_modules/next-auth/dist/adapters/typeorm/index.js:28:103)
    at _next (/Users/arnaudjeannin/Documents/wyno/node_modules/next-auth/dist/adapters/typeorm/index.js:30:194)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:42484) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:42484) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

The app works well if I use sqlite.

I tried to add ssl=true but I have the following error:

[next-auth][error][adapter_connection_error] Error: self signed certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)
    at TLSSocket.emit (events.js:314:20)
    at TLSSocket._finishInit (_tls_wrap.js:932:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12) {
  code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
} 
https://next-auth.js.org/errors#adapter_connection_error
(node:42821) UnhandledPromiseRejectionWarning: TypeError: Cannot destructure property 'manager' of 'connection' as it is null.
    at Object.<anonymous> (/Users/arnaudjeannin/Documents/wyno/node_modules/next-auth/dist/adapters/typeorm/index.js:102:9)
    at Generator.next (<anonymous>)
    at asyncGeneratorStep (/Users/arnaudjeannin/Documents/wyno/node_modules/next-auth/dist/adapters/typeorm/index.js:28:103)
    at _next (/Users/arnaudjeannin/Documents/wyno/node_modules/next-auth/dist/adapters/typeorm/index.js:30:194)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:42821) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:42821) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

[iaincollins]

Please use the issue template when reporting an issue.

This does not sound like an issue with NextAuth.js.

[arnaudjnn]

I used the database configuration object and added the following object and it works.

ssl: true,
    extra: {
      ssl: {
        rejectUnauthorized: false
      },
    },

I don't know if it's the correct way to handle it.

[stale]

Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. (Read more at #912) Thanks!

[stale]

Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks!

[brunocrosier]

Ahh OK @arnaudjnn 's solution worked for me!

I was using a postgres db on heroku's free tier, and getting this pg_hba.conf error

Just to clarify the above solution, you need to make the change to [...nextauth].js

instead of database: process.env.DATABASE_URL you should have something like:

database: {
    type: "postgres",
    host: "ec2-54-144-251-233.compute-1.amazonaws.com",
    port: 5432,
    username: "insert_username_here",
    password:
      "insert_password_here",
    database: "insert_database_here",
    ssl: true,
    extra: {
      ssl: {
        rejectUnauthorized: false,
      },
    },
  },

Also, make sure that you run this: https://next-auth.js.org/schemas/postgres

[scalisi]

In addition to the solution provided by @arnaudjnn, another solution is to set the PGSSLMODE environment variable to no-verify.

brianc/node-postgres#2009 (comment)
brianc/node-postgres#2195
https://devcenter.heroku.com/articles/heroku-postgresql#connecting-in-node-js

[abcd-ca]

Thank you, @arnaudjnn and @brunocrosier! I was getting desperate with a site launch deadline looming, quite an obscure problem and fix! It worked for me.

I would like to understand the problem better. Is it Heroku's Postgres SSL cert that is self signed and Node.js that typically rejects self signed certificates and so this configuration does what exactly – it seems that ssl: true and rejectUnauthorized: false are opposite settings? Do the work together or does the latter override the former? Does this fix reduce security in a meaningful way?