Description
When running Deliberate Lab on a remote server and accessing it via an SSH tunnel (or VS Code Remote), logging in as an Experimenter fails with an authorization error. The same flow works perfectly when accessing the app directly on the remote server (e.g., via Remote Desktop).
Steps to Reproduce
- Run
./run_locally.sh on the remote server (e.g., via VS Code terminal).
- Access the app from your local machine at
localhost:4201.
- Click Sign In and use the mock Google Sign-in popup (on
localhost:9099) to select or create an Experimenter account.
- The popup disappears.
Actual Result
The main window displays the following message instead of loading the dashboard:
Participants do not have access to this page.
If you are a researcher, contact the owner(s) of this deployment and have them add your email address to the allowlist.
[Log Out]
Expected Result
Successful login and redirection to the Experimenter dashboard.
Root Cause Analysis
The frontend relies on the Firestore emulator to check the allowlist collection in frontend/src/services/auth.service.ts. The Firestore emulator runs on port 8080 (as configured in firebase.json).
If the environment (e.g., VS Code or a manual SSH tunnel) only forwards a subset of ports, the browser on the local machine cannot reach the required emulators.
Evidence
An nmap scan of localhost on the local machine reveals that port 8080 (Firestore) is closed, while 4201 and 9099 are open:
$ nmap -sT -P0 -p 4201,9099,8080,9000,5001,9199 localhost
...
PORT STATE SERVICE
4201/tcp open vrml-multi-use
5001/tcp open commplex-link
8080/tcp closed http-proxy
9000/tcp closed cslistener
9099/tcp open unknown
9199/tcp closed unknown
Because port 8080 is closed, the frontend cannot reach Firestore to verify the user's experimenter status, causing the authorization check to fail.
Suggested Solution
Ensure all required Firebase emulator ports are forwarded. In VS Code, this can be done by manually adding ports in the "Ports" panel or configuring them in .devcontainer.json / tasks.json if applicable.
Required ports:
- 4201 (Frontend)
- 9099 (Auth)
- 8080 (Firestore)
- 9000 (Database)
- 5001 (Functions)
- 9199 (Storage)
Description
When running Deliberate Lab on a remote server and accessing it via an SSH tunnel (or VS Code Remote), logging in as an Experimenter fails with an authorization error. The same flow works perfectly when accessing the app directly on the remote server (e.g., via Remote Desktop).
Steps to Reproduce
./run_locally.shon the remote server (e.g., via VS Code terminal).localhost:4201.localhost:9099) to select or create an Experimenter account.Actual Result
The main window displays the following message instead of loading the dashboard:
Expected Result
Successful login and redirection to the Experimenter dashboard.
Root Cause Analysis
The frontend relies on the Firestore emulator to check the
allowlistcollection infrontend/src/services/auth.service.ts. The Firestore emulator runs on port8080(as configured infirebase.json).If the environment (e.g., VS Code or a manual SSH tunnel) only forwards a subset of ports, the browser on the local machine cannot reach the required emulators.
Evidence
An
nmapscan oflocalhoston the local machine reveals that port8080(Firestore) is closed, while4201and9099are open:Because port
8080is closed, the frontend cannot reach Firestore to verify the user's experimenter status, causing the authorization check to fail.Suggested Solution
Ensure all required Firebase emulator ports are forwarded. In VS Code, this can be done by manually adding ports in the "Ports" panel or configuring them in
.devcontainer.json/tasks.jsonif applicable.Required ports: