Closed AbegaM closed 4 months ago
Hi,
I was testing obtain access tokens and I was facing an error related to the JWT_SECRET configuration. The error message secretOrPrivateKey must have a value indicates that the JWT_SECRET must have a value because it is used for token creation. However, it seems that the value of JWT_SECRET is not being properly configured in the .env file or in the terminal when we run the soul using yarn cli.
Hello @TahaKhanAbdalli, if you are running soul in development mode you should pass the JWT_SECRET in the .env file, but if you want to test it from the CLI you need to manually edit the package.json file like this
Hello @AbegaM - can you think of where this should be documented?
I don't think the README file is a good place to document this, should we create a new file in the docs folder @thevahidal?
Hello @thevahidal, the comments in the PR are fixed, let us know if there is anything to fix.
Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
@thevahidal I have pushed a change and now we are using one secret value for both the access and refresh tokens, and users can use the --ts flag to pass the tokens secret from the CLI or they can use the TOKEN_SECRET variable in the .env file.
This change has also fixed the merge conflict with its base branch.
Modifications
JWT_SECRET and JWT_EXPIRATION_TIME from the CLI and from the environments
/api/auth/token/obtain for the Login feature
obtainAccessToken to send access and refresh tokens for the client

Issues
JWT_SECRET and JWT_EXPIRATION_TIME from the CLI and environment variables, should we separate the expiration time for the access token and for the refresh token?
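An added example (not code from soul or from anyone in this thread): one way to fail fast on a missing token secret and, since the PR signs access and refresh tokens with one shared secret, to give each its own expiration and a claim that keeps a refresh token from being accepted as an access token. The precedence of `--ts` over `TOKEN_SECRET`, the 32-character minimum, the `use` claim and all function names are assumptions.

```javascript
// Added example, not soul's code. Assumptions: --ts wins over TOKEN_SECRET,
// a 32-character minimum, and a hypothetical "use" claim.
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Resolve the secret once at startup so a missing value stops the server
// instead of surfacing later as "secretOrPrivateKey must have a value".
function resolveTokenSecret(argv, env) {
  const i = argv.indexOf('--ts');
  const secret = i !== -1 ? argv[i + 1] : env.TOKEN_SECRET;
  if (!secret) throw new Error('token secret missing: pass --ts or set TOKEN_SECRET');
  if (secret.length < 32) throw new Error('token secret shorter than 32 characters');
  return secret;
}

// Sign an HS256 token; "use" marks it as an access or a refresh token.
function signToken(payload, use, ttlSeconds, secret, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, use, iat: now, exp: now + ttlSeconds }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret)}`;
}

// Verify signature, expiry and intended use. Returns the claims or throws.
function verifyToken(token, expectedUse, secret, now = Math.floor(Date.now() / 1000)) {
  const [header, body, sig] = token.split('.');
  if (!header || !body || !sig) throw new Error('malformed token');
  const expected = Buffer.from(hmac(`${header}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (claims.exp <= now) throw new Error('token expired');
  if (claims.use !== expectedUse) throw new Error(`not a ${expectedUse} token`);
  return claims;
}
```

Because both token kinds share one key, the signature alone cannot tell them apart; the `use` check is what stops a long-lived refresh token from passing where an access token is expected.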