Kibana 7.10.2 gives Syntax Error after Patch

I’m trying to build Kibana 7.10.2 and RoR 1.40.0 docker image. node/bin/node plugins/readonlyrestkbn/ror-tools.js patch is also needed by this Kibana version.
And I’ve got Syntax Error when runing Kibana:

[ROR] - serve.js - intercepting config
Configuring logger failed: /usr/share/kibana/plugins/readonlyrestkbn/node_modules/openid-client/lib/issuer.js:32

SyntaxError: Invalid or unexpected token
    at Module._compile (internal/modules/cjs/loader.js:723:23)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at Module.Hook._require.Module.require (/usr/share/kibana/node_modules/require-in-the-middle/index.js:80:39)
    at Module.Hook._require.Module.require (/usr/share/kibana/node_modules/require-in-the-middle/index.js:80:39)
    at Module.Hook._require.Module.require (/usr/share/kibana/node_modules/require-in-the-middle/index.js:80:39)
    at Module.Hook._require.Module.require (/usr/share/kibana/node_modules/require-in-the-middle/index.js:80:39)

 FATAL  SyntaxError: Invalid or unexpected token

In the file /usr/share/kibana/plugins/readonlyrestkbn/node_modules/openid-client/lib/issuer.js

class Issuer {
  #metadata;  // Error is here
  constructor(meta = {}) {
    const aadIssValidation = meta[AAD_MULTITENANT];
    delete meta[AAD_MULTITENANT];
    ['introspection', 'revocation'].forEach((endpoint) => {
      // if intro/revocation endpoint auth specific meta is missing use the token ones if they
      // are defined
      if (
        meta[`${endpoint}_endpoint`] &&
        meta[`${endpoint}_endpoint_auth_methods_supported`] === undefined &&
        meta[`${endpoint}_endpoint_auth_signing_alg_values_supported`] === undefined
      ) {
        if (meta.token_endpoint_auth_methods_supported) {
          meta[`${endpoint}_endpoint_auth_methods_supported`] =
        if (meta.token_endpoint_auth_signing_alg_values_supported) {
          meta[`${endpoint}_endpoint_auth_signing_alg_values_supported`] =

And also found other #metadata in /usr/share/kibana/plugins/readonlyrestkbn/node_modules/openid-client/lib/issuer.js

    this.#metadata = new Map();

    Object.entries(meta).forEach(([key, value]) => {
      this.#metadata.set(key, value);
      if (!this[key]) {
        Object.defineProperty(this, key, {
          get() {
            return this.#metadata.get(key);
          enumerable: true,

Thank you @Billy for reporting this.
That #metadata is an interestingly named class field in the Issuer class of the node-openid-connect library.

Not sure the patcher is the culprit here. Maybe our transpiler is not taking care of it appropriately? @Dzuming WDYT?

Yes, that’s the problem with openid-client library and using the private class property JavaScript feature Private class features - JavaScript | MDN. It’s supported by node 12 and newer, but kibana 7.10,2 use node 10.23.1.

We need to transpile this feature somehow. I’m able to reproduce this issue and will take care of it.

1 Like

Thanks a lot.
I’m wondering if there any way I can avoid this error temporarily. Cause I got an ELK cluster with fixed version.

Hi @Billy,
Today @Dzuming found a nice solution to this problem: we will continue supporting OIDC authentication with Kibana < 7.12.0, using the older version of the OIDC client.

However, we will print a fat warning log about it at Kibana start up time where we warmly suggest to upgrade to a newer Kibana version in order to get the up-to-date OIDC client with all security fixes in place.

Please expect a pre build with this fix in place in a private message here in the forum.

Thanks a lot and with at least 20 characters LOL

1 Like