Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

JWT validation failed

See original GitHub issue

Hello, it’s again me 😃

I have another problem with JWT auth and hasura and i can’t find a problem, help me pls!

I created valid access token:

eyJhbGciOiJSUzI1NiIsImtpZCI6IkJBODcxQkY5MTgwNTIzMjI2QzFFRTA4NkQxMDc4NEM5RTVCQTJCNjQiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJ1b2NiLVJnRkl5SnNIdUNHMFFlRXllVzZLMlEifQ.eyJuYmYiOjE1NDE0NTc0NjUsImV4cCI6MTU0MTQ2MTA2NSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJydWxlYm9vay1hcGkiXSwiY2xpZW50X2lkIjoiaW9zLmNsaWVudCIsInN1YiI6IjRkNDA2NGQxLWMzM2YtNDIzYi1iMjYyLWYzMmVhMTY5NjRhYSIsImF1dGhfdGltZSI6MTU0MTQ1NzQ2MSwiaWRwIjoiZ29vZ2xlIiwic2NvcGUiOlsib3BlbmlkIiwicnVsZWJvb2stYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbImV4dGVybmFsIl0sInJ1bGVib29rX2NsYWltcyI6eyJ4LWhhc3VyYS1hbGxvd2VkLXJvbGVzIjpbInVzZXIiXSwieC1oYXN1cmEtZGVmYXVsdC1yb2xlIjoidXNlciIsIngtaGFzdXJhLXVzZXItaWQiOiI0ZDQwNjRkMS1jMzNmLTQyM2ItYjI2Mi1mMzJlYTE2OTY0YWEifX0.ue8QiHT_6ImIa0tZGPZUQwf2u_qKvXLmjzLzcKDVP-3B8YgJc3YMTeu_o8LLKzNer9earzSFN7bPV_-vNGF6404O-PX4_Z-2Le0AjsRVbVFdBvrTKiFQZ-hM44DREdQCr5iqAaRIGakpMrriYE0LZ9tbIdKE07DeFp-RD0_LP0pWCNGzqPBlFL2nGazy3iaZ0hZs5TarJgoRqK_ZlWGFlwdxSkhmRlKVQQcP1Q53eH9T5cc_B7VDqrgS_NkKuRzf8LoJvzTPBbgfYGUwim5tARK4bRLYhjyZvGR_VI56Es8shwnAGRzzD9KWP7Qvlb6AKVyYWJfvPrrd3669Xjp3fwevm2rmkUPbW5EqbDO03nwnp1PTrZnuNwK06oWWce6d2IbeDNwk58YyWDHFAxujUgKE7dvjupJ2k3lagTI8_S_6pRtshLrPl0WVHdich0FNtEniQ_GgSQ4ZZQ4TOKnK2zqH1d5dW2UzuEUak-tSfEbtBVPIWKtfjbM6jRH2HzlZMAV3zg2ZqnAcGImacPD2LKEQ4Ogzkv6ZYeDGasO-IRwQ5yeC9dFey7whUQ-BpE_8cF-4WCiKPY9meXXi8X53W8Y9VH2_g92m3ENxVqhVawb52LX4MZkmr5CTn_xVgfENzMUfsGb98AmUdGx3nLGe1nToLfhcqgCbvM5K3mH1ugU

It is validation public cert:

-----BEGIN CERTIFICATE-----
MIIEqjCCApICCQCaKHBlVYGwAzANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxy
dWxlYm9vay5hcHAwHhcNMTgxMTA1MjIzNDQxWhcNMTkxMTA1MjIzNDQxWjAXMRUw
EwYDVQQDDAxydWxlYm9vay5hcHAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQDSS8OtE6iUtGZx7ARakZcldGvCuH1Y7PBbErE1f7bOvCaJkaAjF8BoL+Xt
sMeMwAQK3rj1WtUcqqxZsmJy+LrfMaXoMcFvdzzdyiU6xEwMpqGACadiKNrVKSEh
i9IIXOo8P0uvSkxUhn8VvBgj/qshghcV7+Du957MgriTs5eKGcMMLa4yH54RG1xq
PTYQgWT6dzXSn1G/SCrQkJyhqoVW1Tebmf19TiHFRkwvVsuHbQJVvZ19rT0wWVIy
tngi8OH7xT/9kpqwkps/5iMmLmvHnK38PKUyoxaVHHeA3lkq2BfGbjGpg2tKOcVK
HQOarxYXochSYBvlFVorFoa2fV7H69tiJO4fzY3am92HfV6+0nDtzLyaON3ENoGJ
7Ju/0ukJcTgOkQ/P2ijr3gY3GHeKiHLACsrk4S42Dw5Mew0FycPbLbdFKl8e582+
AVi+YjM9Ck11tok4LOrtJWVyn0mn4XpcvWO2a1/h+gygCmja6oeazDibtGfqThYj
Fxr9rv7lohOlb+4lfaGfauTrYnqKGZtrUmgpC/9AiL7QVLFUJjllcmcJ53DvL8TJ
RsALcyjc1qOOEpghJxuenmxhaS6EF1rRTfVxGjh9ixbDdJ/scOscACOBPqgOLx58
vp18j4fPydlIU4klFbqBQKMOu0+KnJBrk3JfflKhh9h2A8zlPQIDAQABMA0GCSqG
SIb3DQEBCwUAA4ICAQBXcUi81h/SOK5x98lJGRGpFzEybcXfVWtXEIKWlwCXpfFc
SXcHskWLkO4F/pOPnCtX0CZBVhWRxigUp3uo4LbdLvvVFadoA2aYgapaFzmw2Rxo
HKUumuwvF1Si/ljvAWuoXPQ2AjzkKHLK6rkQeUX+qFjTwjM07jc0NwjOcxB6e32X
WpAPfVVHQc5fEYQSflSwYEyq8ExFTGWNCgtHhBsXoiHYTwnJtdDahy9dW/GY8RkQ
vSBEdH/bhTRTNS7ErajjYNhjMPUNrpa4RbOc2wqVZANrRju7uom5rrTZ6oOhe+mo
n/uCCpvjpKGK8SaYwUUcaZovOJQjC2GmqjLFMnJa0yI2L5lAbkjIaTdi8/tLkbY7
X2c8G1fXg1ursvpvZ4D2UBS6U0sHli2NRqq6IsKAMH2mv5HBEeg4pzOh5aSD8rxp
trz2e4pIRCVVc/KsFyvwp+EtLpPBm4RTMe3/qaICO0Ey9eJAIVdIEsUzq3BFeHVu
EYIG0SFmJ8vSYiz+3EWKiyhYu71HF7eFITYbGUinemJe60rTxgdAFT87l7a3A78C
JU9QcYSRkXXIsYMphxsa7xNNTwx+k+d6FtAgS9YZt8LpS/ipBaMMCI9kX3iEMjOo
A9kLfPoA0YDGjW0UM3FlW3n5nVzcm2oIr4qtBcNQshh4ufGVC/0SBntGmRFQLg==
-----END CERTIFICATE-----

Proof it’s valid:

https://imgur.com/a/UNpk5yG

It is my hasura configuration:

docker run -d -p 5002:8080 \
    --name rulebook-api \
    --network rulebook \
    hasura/graphql-engine:v1.0.0-alpha28 \
    graphql-engine \
    --database-url postgres://dev:dev@rulebook-api-db:5432/dev \
    serve \
    --enable-console \
    --access-key LocalHostKey \
    --jwt-secret '{"type":"RS256", "key": "-----BEGIN CERTIFICATE-----
MIIEqjCCApICCQCaKHBlVYGwAzANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxy
dWxlYm9vay5hcHAwHhcNMTgxMTA1MjIzNDQxWhcNMTkxMTA1MjIzNDQxWjAXMRUw
EwYDVQQDDAxydWxlYm9vay5hcHAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQDSS8OtE6iUtGZx7ARakZcldGvCuH1Y7PBbErE1f7bOvCaJkaAjF8BoL+Xt
sMeMwAQK3rj1WtUcqqxZsmJy+LrfMaXoMcFvdzzdyiU6xEwMpqGACadiKNrVKSEh
i9IIXOo8P0uvSkxUhn8VvBgj/qshghcV7+Du957MgriTs5eKGcMMLa4yH54RG1xq
PTYQgWT6dzXSn1G/SCrQkJyhqoVW1Tebmf19TiHFRkwvVsuHbQJVvZ19rT0wWVIy
tngi8OH7xT/9kpqwkps/5iMmLmvHnK38PKUyoxaVHHeA3lkq2BfGbjGpg2tKOcVK
HQOarxYXochSYBvlFVorFoa2fV7H69tiJO4fzY3am92HfV6+0nDtzLyaON3ENoGJ
7Ju/0ukJcTgOkQ/P2ijr3gY3GHeKiHLACsrk4S42Dw5Mew0FycPbLbdFKl8e582+
AVi+YjM9Ck11tok4LOrtJWVyn0mn4XpcvWO2a1/h+gygCmja6oeazDibtGfqThYj
Fxr9rv7lohOlb+4lfaGfauTrYnqKGZtrUmgpC/9AiL7QVLFUJjllcmcJ53DvL8TJ
RsALcyjc1qOOEpghJxuenmxhaS6EF1rRTfVxGjh9ixbDdJ/scOscACOBPqgOLx58
vp18j4fPydlIU4klFbqBQKMOu0+KnJBrk3JfflKhh9h2A8zlPQIDAQABMA0GCSqG
SIb3DQEBCwUAA4ICAQBXcUi81h/SOK5x98lJGRGpFzEybcXfVWtXEIKWlwCXpfFc
SXcHskWLkO4F/pOPnCtX0CZBVhWRxigUp3uo4LbdLvvVFadoA2aYgapaFzmw2Rxo
HKUumuwvF1Si/ljvAWuoXPQ2AjzkKHLK6rkQeUX+qFjTwjM07jc0NwjOcxB6e32X
WpAPfVVHQc5fEYQSflSwYEyq8ExFTGWNCgtHhBsXoiHYTwnJtdDahy9dW/GY8RkQ
vSBEdH/bhTRTNS7ErajjYNhjMPUNrpa4RbOc2wqVZANrRju7uom5rrTZ6oOhe+mo
n/uCCpvjpKGK8SaYwUUcaZovOJQjC2GmqjLFMnJa0yI2L5lAbkjIaTdi8/tLkbY7
X2c8G1fXg1ursvpvZ4D2UBS6U0sHli2NRqq6IsKAMH2mv5HBEeg4pzOh5aSD8rxp
trz2e4pIRCVVc/KsFyvwp+EtLpPBm4RTMe3/qaICO0Ey9eJAIVdIEsUzq3BFeHVu
EYIG0SFmJ8vSYiz+3EWKiyhYu71HF7eFITYbGUinemJe60rTxgdAFT87l7a3A78C
JU9QcYSRkXXIsYMphxsa7xNNTwx+k+d6FtAgS9YZt8LpS/ipBaMMCI9kX3iEMjOo
A9kLfPoA0YDGjW0UM3FlW3n5nVzcm2oIr4qtBcNQshh4ufGVC/0SBntGmRFQLg==
-----END CERTIFICATE-----
", "claims_namespace": "rulebook_claims"}'

And i’m getting response:

[error, Could not verify JWT: JWSError (CompactDecodeError "expected NonEmpty a, encountered String")]

What am i doing wrong?

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:15 (9 by maintainers)

github_iconTop GitHub Comments

4reactions
frasertweedalecommented, Dec 18, 2018

jose-0.8.0.0 was released; includes fix: https://hackage.haskell.org/package/jose-0.8.0.0

2reactions
frasertweedalecommented, Dec 5, 2018

It’s a bug that has already been fixed (https://github.com/frasertweedale/hs-jose/commit/32c3efdba2b3520a8052ba2fe07ab04c073b8ec9) but the fix hasn’t made its way into a release yet. I’m planning to release v0.8 next week, which will include the fix for this bug. In the meantime, stripping the x5t field will help 😃

Read more comments on GitHub >

github_iconTop Results From Across the Web

Troubleshooting JWT validation - OpenAPI
This page provides troubleshooting information if the JWT validation fails and ESP returns an error in the response to the client.
Read more >
what is the cause of the "JWT validation failed
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group. To unsubscribe from this group and stop...
Read more >
google cloud platform - JWT validation failed: BAD_FORMAT
I was generating an access token and was using that to access the api. What u need is a signed jwt token. I...
Read more >
JWT validation Failed with Invalid Key configuration error
Solved: Hi All, I am facing below issue in verifying the JWT in APIGEE. I am using below code in Verify JWT policy...
Read more >
IDX10501: Signature validation failed. Unable to match key ...
JWT Validation Failed: IDX10501: Signature validation failed. Unable to match key: \nkid: 'xxxxxxx'. \nNumber of keys in ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Bug report: Cannot return null for non-nullable field on subscription_root

Next page

customise generated type names in graphql schema