TextHTTPError: Unauthorized after wiping & trying to start again cleanly with netlify CLI

I’m working off of a temporary domain building a simple static site for my partner who lost work and is looking to go private practice - I jumped the gun installing the VGS add-on to get a simple HIPAA contact form and went to authorize it before I had uploaded the new form with appropriate data attributes. This left things in a limbo where VGS formed a route, but they showed no form existing on the site despite getting submissions, and re-attempting the process led me to a state where VGS ate my form trying to insert itself multiple times.

I wiped the site and authorizations (hoping that would let me hook in again cleanly), and rebuilt a new site from the github repo since there wasn’t anything fancy there yet, but there seems to be some lingering config. Deleted the .netlify in my project folder and npm un/reinstalled netlify-cli a few times, always get the following if I run netlify link, netlify status, netlify init, etc

I assume there’s some lingering piece of config with old tokens / access that is still part of the process. Local machine is running macOS 10.15.4

https://eloquent-swanson-d8556c.netlify.app/ is the new domain (digging the parks and rec, and the hexadecimal at the end isn’t baby diarheaa colored, so that’s nice!)

Hi there, thanks for sharing this. Hmm, that is a weird error. I’m not quite sure if it is coming from us or from vgs. Maybe @Peter-VGS has some insight?

Thanks for reaching out - the problem was initially started with me jumping steps on the VGS install.

I’ve wiped my local .netlify config, uninstalled the module, and created a new netlify site and I’m still getting auth errors against netlify itself… I can’t even re-install the VGS plugin locally, or do anything else that requires me to hit auth. I don’t mind if you just wipe all the tokens/credentials on my account, there’s nothing there I can’t rebuild / remap easily (aside from the sweet parks n rec temporary URL).

Thanks to @perry for tagging me.

@erutan - I’m sorry to hear you’re having issues with this. I’ve pinged our engineers who built the integration, and if you drop us a note to support@verygoodsecurity.com we can get someone to help you out directly. This sounds like it might be a fairly straightforward auth / credential issue, but I’ll let our support team chime in.

1 Like

Will do, and no worries - it’s an interesting service you provide and I’m juggling projects so having this quiet down for a few days had no real impact. :slight_smile:

1 Like

thanks for jumping in, Peter! So glad you’re here in our forums for things like this! :smiley:

1 Like

Thanks for checking out the VGS add-on. I hope we get this up and running for you quickly, and we’d love to know more about your use case and whether we can help with anything else compliance-related. Cheers!

1 Like

netlify logout was the solution. >_> I guess there’s some state management locally buried way deeper than I thought!

The use case I’m building a static site for my partner who is a licensed therapist to serve as a marketing / brochure presence. Even the fact that someone contacted a therapist is HIPAA information, so her contact page is a little more convoluted than others (no HIPAA email is secure outside of the server it’s hosted on, good luck getting strangers to set up PGP keys):

My voicemail is secure and confidential.
[…]
While my email is secure and HIPAA-compliant for gmail users, please do not send confidential information by email. General inquiries and non-sensitive information are welcome.

We’ll be integrating Simple Practice, the leading PaaS in the field - they have an embeddable form widget that is part of a HIPAA compliant portal, but there’s a bit of friction in requiring a user to make an account on that portal before leaving a message. Having a simple compliant form allows potential clients to reach out to her with less steps.

1 Like