Closed komninoschatzipapas closed 3 years ago
@elitan @komninoschat was it an oversight to make JWT_KEY
required? I'd always relied on the auto-generated keys as described by JWT_KEY_FILE_PATH
's description on https://github.com/nhost/hasura-backend-plus/blob/master/docs/configuration.md#authentication-1.
These new requirements make it impossible to omit JWT_KEY
, which then cripples the auto-generated keys when JWT_KEY_FILE_PATH
is not found.
Also, printing false
in the startup logs when a required key is set is somewhat confusing: https://github.com/nhost/hasura-backend-plus/pull/580/files#diff-519a60f474e147c533c650d0c172a1112ccf306cdcd2d77558ae6d7cc0f84c5fR30. Is there not a better way to assert that the requirement was met? Does it concern anyone that secrets are being printed in plaintext in the logs?
Should I open a new issue for these?
@nikolowry Hey, thanks for bringing the JWT_KEY
bug to our attention. The other console.log
was just a debug leftover. Will fix both today.
@komninoschat Any news on this? This still seem to be broken when using jwk_url
in hasura configuration.
Resolves #564.