Hasura Graphql JWT Issue

Question

I have deployed my Hasura Engine which is running inside a docker in a Linux server. And I have developed my jwt token auth code using nodeJs.

The problem is while adding the token to my Hasura API end point I am getting the below error:

  {
            "extensions": {
                "code": "invalid-jwt",
                "path": "$"
            },
            "message": "Could not verify JWT: JWTIssuedAtFuture"
        }

I have given the token expiration time to 120000(2 Minutes). And After 2 mins I don't get the above error, instead, I do get the proper response from the API.

What I am confused about is why I am getting the correct responses in delay.

Note : The docker container time and the Linux server time are not similar. Is that the issue?

score 2 · Accepted Answer · answered Mar 21 '23 at 09:21

2

The error clearly says that your generated JWT issued time is far ahead than your Hasura Docker Container.

At first try to find out the time difference from the container log. After figuring out the time difference then do subtract that time from the current time.

Finally put that subtracted time (must be in seconds) into your JWT logic. code.

  iat: subtractedTime

answered Mar 21 '23 at 09:21

Shihab Abrar Hossain

251
2
5

I am having the same issue. Was anyone able to resolve this? – Muhammad Arslan Akhtar Apr 14 '23 at 18:54

score 0 · Answer 2 · answered Apr 14 '23 at 19:29

0

adding allowed_skew to the JWT issuer fixes it.

example my docker-compose.yml for Hasura: Note: Avoid this for production. link for reference

HASURA_GRAPHQL_JWT_SECRET: '{"jwk_url":"JWT_ISSUER_URL/api/auth/jwt/jwks.json", "allowed_skew": 86400}'

answered Apr 14 '23 at 19:29

Muhammad Arslan Akhtar

491
7
23

Hasura Graphql JWT Issue

2 Answers2