Error: Could not verify JWT: JWSError JWSInvalidSignature Hasura, Docker and Cognito
I’m developing an application in which I use AWS Cognito as authentication provider. The Hasura Engine is configured in a docker-compose file and it runs in an AWS EC2 machine.
Following this tutorial https://hasura.io/blog/hasura-authentication-explained/#cognito I set HASURA_GRAPHQL_JWT_SECRET as shown below:
HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256","jwk_url":"https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/jwks.json","claims_format":"stringified_json"}'
From the client, I get jwtToken from idToken and put it in authorization header:
{
Authorization: 'Bearer <jwttoken>'
}
Then follows the error:
Unhandled Rejection (Error): Could not verify JWT: JWSError JWSInvalidSignature: {"response":{"errors":[{"extensions":{"path":"$","code":"invalid-jwt"},"message":"Could not verify JWT: JWSError JWSInvalidSignature"}],"status":200}
I don’t know if there is any error in my stringified jwks, is it the problem?
As told by @praveenweb in https://github.com/hasura/graphql-engine/issues/3513 I was careful about putting HASURA_GRAPHQL_JWT_SECRET value in a single quote.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:3
- Comments:12 (2 by maintainers)
I am getting the same error with Firebase auth, after following this https://hasura.io/blog/authentication-and-authorization-using-hasura-and-firebase
The use case that is failing for me is the following: I have a Hasura action that triggers a Firebase cloud function, and within that function I use Firebase's admin SDK to create a new token https://firebase.google.com/docs/auth/admin/create-custom-tokens
I then try to make a call to Hasura and get the same error.
Admin is configured for the same project as the project id set in Hasura HASURA_GRAPHQL_JWT_SECRET
I’m not sure if this is related but the data here https://firebase.google.com/docs/auth/admin/create-custom-tokens#web looks different to what's in that blog post
Something that solved it for me today is I was copying the access_token too instead of just the id_token in the response. Once I removed the part after &access_token= it worked.
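An added example, not code from this issue or from Hasura: a Python pre-check that flags, before any signature verification runs, a token pasted with trailing `&access_token=` residue (the cause reported in the last comment) and a header `alg` or `kid` that does not match the configured JWKS. The function names, the sample JWKS and the tokens are constructed for illustration.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def precheck(token, jwks, expected_alg="RS256"):
    """List reasons verification will fail before any signature math runs."""
    problems = []
    token = token.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    # A token copied out of a redirect URL can drag other parameters along.
    if "&" in token or "=" in token:
        problems.append("URL residue around the JWT (e.g. '&access_token=...')")
        token = token.split("&", 1)[0]
    parts = token.split(".")
    if len(parts) != 3:
        return problems + [f"expected 3 segments, found {len(parts)}"]
    try:
        header = b64url_json(parts[0])
        alg, kid = header.get("alg"), header.get("kid")
    except (ValueError, AttributeError):
        return problems + ["header is not a base64url-encoded JSON object"]
    if alg != expected_alg:
        problems.append(f"alg {alg!r} != configured {expected_alg!r}")
    known = {key.get("kid") for key in jwks.get("keys", [])}
    if kid not in known:
        problems.append(f"kid {kid!r} is not published in the configured JWKS")
    return problems

def fake_token(header):
    """Build a constructed token; the signature segment is a dummy value."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'token_use': 'id'})}.c2ln"

# Constructed sample data, not real Cognito keys or tokens.
SAMPLE_JWKS = {"keys": [{"kid": "constructed-key-1", "kty": "RSA", "alg": "RS256"}]}
GOOD = fake_token({"alg": "RS256", "kid": "constructed-key-1"})

if __name__ == "__main__":
    cases = [("clean", GOOD),
             ("pasted from URL", GOOD + "&access_token=" + GOOD),
             ("other key set", fake_token({"alg": "RS256", "kid": "other"}))]
    for label, tok in cases:
        print(label, "->", precheck(tok, SAMPLE_JWKS) or "ok")
```

An empty result only means the token is well-formed and names a published key; the signature itself still has to be verified by Hasura against that key.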