π Bug Report: Persistent Onboarding Redirect Loop (Self-Hosted Docker) - JWT environmentId is nullΒ #9569
Description
π Description
The self-hosted Novu application gets stuck in an infinite redirect loop immediately after a successful login, landing the user on the onboarding setup screen (/auth/application or /auth/questions). This occurs because the API fails to inject the environmentId into the newly generated JWT token, which is a critical claim required by the frontend router to load the main dashboard.
π Reproduction steps
- Use the docker-compose.yml with API: :2.2.0 and Web: :0.24.7 (or :latest).
- Ensure MongoDB, Redis, and MinIO are running stably.
- Manually create a User, Organization, Member, and Development Environment in MongoDB (all records exist and are linked).
- Log in via the Web UI.
- Observe the redirect to /auth/application.
- Verify: Check the JWT token in Local Storage; the payload shows environmentId: null.
π Expected behavior
Upon logging in with a fully set up user (Organization, Member, Environment created in DB), the user should be redirected directly to the Dashboard (/templates).
π Actual Behavior with Screenshots
The user successfully logs in (receives a 201 Created status and a token) but is redirected to the onboarding setup page, due to the following API error in the JWT payload:
// Token Payload (Decoded)
{
// ... other valid claims ...
"organizationId": "69274945c19f80355bbe196b",
"environmentId": null, // <--- CRITICAL BUG: This field is null.
"roles": ["admin"],
// ...
}
The frontend routing guard sees environmentId: null and forces the redirection loop.
Novu version
v2.2.0
npm version
10.8.2
node version
v20.18.0
π Provide any additional context for the Bug.
We have eliminated all external/configuration issues:
β Solved all Docker dependency errors (ECONNREFUSED, S3/MinIO, YAML syntax).
β Manually created and linked all necessary MongoDB documents (users, organizations, members, environments).
β Ensured the user document has showOnBoarding: false and productUseCases set to true.
β Implemented network-level blocking (extra_hosts: 0.0.0.0) to suppress LaunchDarkly CORS errors that crashed the React component.
β Attempted to force the session switch via console script (/v1/auth/organizations/[id]/switch).
Conclusion: The bug is deep-seated in the API's authentication code for versions :2.2.0 to :latest.
π Have you spent some time to check if this bug has been raised before?
- I checked and didn't find a similar issue
π’ Have you read the Contributing Guidelines?
- I have read the Contributing Guidelines
Are you willing to submit PR?
None