Closed dvasdekis closed 5 years ago
sanderhahn
commented
5 years ago Possibly the user/owner is wrong (for instance postgres user, instead of the database owner configured in hasura connection settings). You can see the owner of your table using \dt hasura_user in the psql client.
sanderhahn
commented
5 years ago Added some more information on how to run the script: https://github.com/sander-io/hasura-jwt-auth/commit/4e19b3fbab3b7464ea5aeb27a2ef77d595bda0cb Does that help to resolve the issue?
dvasdekis
commented
5 years ago It does help, thank you. After trying those lines, I believe this error is occurring because the method of setting the hasura.jwt_secret_key is only valid for the current session by default in PostgreSQL. See doco here (Default value is SET SESSION). Starting a new session even as the same user or role, I then get the NOTICE: Example jwt_token: <NULL>s result above from the function.
I believe the solution would be to permanently store the JWT secret key. I tried to do this using ALTER SYSTEM instead of ALTER DATABASE, but ALTER SYSTEM can only apply to existing valid Postgresql.conf parameters, so the new hasura.jwt_secret_key parameter can't be set with this method. I think in order to solve this issue, the JWT secret key needs to be stored as a row in a table.
sanderhahn
commented
5 years ago Hey dvandekis, thanks for trying out and your additions :)
The alter database set ... doesn't work in the postgres database itself. However it does seem to work if you create an alternative database and set the config. Below i show a transcript of what i have tried. Would like to merge the docker quickstart and make some adjustments to it. However i think its a good idea to create a separate database and not let Hasura store everything in the main postgres database. Is it okay if i merge and revert the changes with respect to the row entry?
$ sudo -u postgres -i psql
[sudo] password for sander:
psql (10.9 (Ubuntu 10.9-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# alter database postgres set "hasura.jwt_secret_key" to 'jwtsecret of 32 characters or more';
ALTER DATABASE
postgres=# select current_setting('hasura.jwt_secret_key');
current_setting
-----------------
(1 row)
postgres=# create database example;
CREATE DATABASE
postgres=# alter database example set "hasura.jwt_secret_key" to 'jwtsecret of 32 characters or more';
ALTER DATABASE
postgres=# \connect example
You are now connected to database "example" as user "postgres".
example=# select current_setting('hasura.jwt_secret_key');
current_setting
------------------------------------
jwtsecret of 32 characters or more
(1 row)Refactored the scripts a bit and added some example todos to your quickstart. Moved some .env values back inline, hope you don't mind :-) Does the docker-compose and metadata work for you? Thanks again and best regards! Sander https://github.com/sander-io/hasura-jwt-auth/tree/master/quickstart
Hi Sander, I am following your scripts and the database generates and displays a JWT when it first initializes via below section of code:
The above returns the result of
NOTICE: Example jwt_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiIDogIjEiLCAiaXNzIiA6ICJIYXN1cmEtSldULUF1dGgiLCAiaWF0IiA6IDE1NjM5NTE4MjUsICJleHAiIDogMTU2NDAzODIyNSwgImh0dHBzOi8vaGFzdXJhLmlvL2p3dC9jbGFpbXMiIDogeyJ4LWhhc3VyYS11c2VyLWlkIiA6ICIxIiwgIngtaGFzdXJhLWRlZmF1bHQtcm9sZSIgOiAidXNlciIsICJ4LWhhc3VyYS1hbGxvd2VkLXJvbGVzIiA6IFsidXNlciJdfX0.T87RNdXKP3QQhgl6i-QQy8FIp5ecsQxEdH2M8He7tdAswhich is as expected.However, if I then create a different connection to the database and run the below, I am unable to get the JWT again:
The above returns the result of
NOTICE: Example jwt_token: <NULL>swhich is problematic. Hasura will potentially use a different connection to the database for user creation VS token generation.