Hasura Auth Clarifications

Asked Oct 07 '22 at 07:44

Active Oct 10 '22 at 12:10

Viewed 54 times

0

I have 2 things which i would like to confirm before moving forward with the workaround i have in mind.

When using JWT Auth with HS256 algorithm, i have a key which is less than 32 characters in length. I'm getting this error - "Error in $: Invalid JWK: Key size too small; should be at least 32 characters". So is this is an hard requirement ? or is there any trick to change this into a warning instead of an error ?
Is it possible for us to customise the Hasura Console Authentication from admin secret ? for lets say to SSO or anything ?

edited Oct 07 '22 at 07:44

asked Oct 07 '22 at 07:44

Elan cheziyan

1
1
1

For the second part of your question, SSO is part of the Enterprise Edition – Arjun Yelamanchili Oct 11 '22 at 15:14

1 Answers1

0

For the first one, yes it is a hard requirement. you can read more about it in RFC 7518

A key of the same size as the hash output (for instance, 256 bits for "HS256") or larger MUST be used with this algorithm. (This requirement is based on Section 5.3.4 (Security Effect of the HMAC Key) of NIST SP 800-117 [NIST.800-107], which states that the effective security strength is the minimum of the security strength of the key and two times the size of the internal hash value.)

answered Oct 10 '22 at 12:10

Abdullah Saleem

3,701
1
19
30