BTBurke / caddy-jwt

JWT middleware for the Caddy server
MIT License

secret file for jwt authentication doesn't work #26

Closed 67570700 closed 6 years ago

67570700 commented 7 years ago

I use the HS256 alg to do JWT authentication. I write my secret key in secret.txt.
I use the following Caddyfile:
:8080 {
    gzip
    log access.log

    jwt {
        path /
        secret /usr/local/caddy_jwt/secret.txt
        allow user aaron
        allow user leo
    }

    proxy /api xx.xx.xx.xx:80
}

I issue a GET request with a valid JWT token, but got a 401 status code. I switched to using the JWT_SECRET env. It works.

BTBurke commented 7 years ago

What troubleshooting did you try? We have tests in the codebase that show it's working.

Could be that you have an extra carriage return in the file, it's not UTF-8, file permissions problem... A bunch of things. You should look at those first and see if that fixes the issue.

sinni800 commented 6 years ago

Turns out it's "really hard" to save a file without a trailing newline.

echo and pipe? nope. Nano? Nope. Vi? Nope. I had to use printf to print the string to the file without the trailing newline.

Please ignore one trailing newline in the secret file, everyone else in Linux does it too.

# od -xc secret 
0000000    727a    384d    5932    6378    3065    5a39    4c36    5a47
          z   r   M   8   2   Y   x   c   e   0   9   Z   6   L   G   Z
0000020    374f    5947    456b    6362    0a61
          O   7   G   Y   k   E   b   c   a  \n
0000032

And without newline:

# od -xc secret
0000000    727a    384d    5932    6378    3065    5a39    4c36    5a47
          z   r   M   8   2   Y   x   c   e   0   9   Z   6   L   G   Z
0000020    374f    5947    456b    6362    0061
          O   7   G   Y   k   E   b   c   a
0000031

BTBurke commented 6 years ago

Will look into it, but feel free to submit a pull request if you want it done faster. Generally, I feel like writing a secret in a file using an editor is an anti-pattern since you should have code generating a secret that is random, not writing one manually in a file.

magnuswatn commented 6 years ago

Tip: to create a file without a trailing newline, you can use the "-n" switch to echo, e.g.: echo -n 'YouSecretHere' > ./yoursecretfile
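Added example, not part of the thread and not caddy-jwt's own code: a standard-library HS256 sign/verify pair showing why a key file with one trailing newline yields a signature mismatch (the 401 reported above), and how trimming exactly one trailing "\n" or "\r\n" on load resolves it. The secret value, the claims and the helper `trimOneNewline` are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// signHS256 returns a compact JWT (header.payload.signature) signed with key.
func signHS256(payload string, key []byte) string {
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) +
		"." + enc.EncodeToString([]byte(payload))
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return input + "." + enc.EncodeToString(mac.Sum(nil))
}

// verifyHS256 recomputes the HMAC over header.payload and compares in constant time.
func verifyHS256(token string, key []byte) bool {
	i := strings.LastIndex(token, ".")
	if i < 0 {
		return false
	}
	sig, err := base64.RawURLEncoding.DecodeString(token[i+1:])
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(token[:i]))
	return hmac.Equal(sig, mac.Sum(nil))
}

// trimOneNewline (hypothetical helper) drops a single trailing "\r\n" or "\n".
func trimOneNewline(b []byte) []byte {
	if bytes.HasSuffix(b, []byte("\r\n")) {
		return b[:len(b)-2]
	}
	return bytes.TrimSuffix(b, []byte("\n"))
}

func main() {
	secret := []byte("constructed-example-secret")  // constructed sample value
	onDisk := append(append([]byte{}, secret...), '\n') // file saved by echo, nano or vi
	token := signHS256(`{"user":"aaron"}`, secret)
	fmt.Println("raw file bytes as key: ", verifyHS256(token, onDisk))
	fmt.Println("after trimming newline:", verifyHS256(token, trimOneNewline(onDisk)))
}
```

Only one line ending is removed, so a secret that legitimately ends in further newline bytes keeps them.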