yjs / y-redis

Alternative backend for y-websocket
GNU Affero General Public License v3.0

Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT #23

Open naydenoff opened 5 months ago

naydenoff commented 5 months ago

**Describe the bug**
Invalid JWT after issuing keys and running the docker as per the guide.

**To Reproduce**
Steps to reproduce the behavior:

  1. Follow the Quick Start guide here - https://github.com/yjs/y-redis/tree/master?tab=readme-ov-file#quick-start-docker-compose
  2. Run the following commands:

     ```
     git clone https://github.com/yjs/y-redis.git
     cd y-redis
     npm i
     cp .env.docker.template .env
     npx 0ecdsa-generate-keypair --name auth >> .env
     ```
  3. Here's how the .env looked after running:

     ```
     # This is a simple configuration to get this running using docker compose.

     REDIS=redis://redis:6379

     S3_ENDPOINT=minio
     S3_PORT=9000
     S3_SSL=false
     S3_ACCESS_KEY=minioadmin
     S3_SECRET_KEY=minioadmin

     AUTH_PERM_CALLBACK=http://demo:5173/auth/perm
     YDOC_UPDATE_CALLBACK=http://demo:5173/ydoc

     LOG=* # log everything

     # Generate the auth tokens with `npx 0ecdsa-generate-keypair --name auth >> .env`

     AUTH_PUBLIC_KEY={"key_ops":["verify"],"ext":true,"kty":"EC","x":"mI2DWTzk2Xxwzng07DK2TmAAXccw0L-SOji1MPbbJxagxOhr5IZlSP2THq3pe4Qy","y":"qaWkkuHq_Xbw64cRHsdZkF1W7QJtYoYa2K-dgclZlIm0Zv4EjeZM1Ql3RmiBqgP1","crv":"P-384"}
     AUTH_PRIVATE_KEY={"key_ops":["sign"],"ext":true,"kty":"EC","x":"mI2DWTzk2Xxwzng07DK2TmAAXccw0L-SOji1MPbbJxagxOhr5IZlSP2THq3pe4Qy","y":"qaWkkuHq_Xbw64cRHsdZkF1W7QJtYoYa2K-dgclZlIm0Zv4EjeZM1Ql3RmiBqgP1","crv":"P-384","d":"5NefOVtM_NOxH5Chq5EvqZ_wyc_OueXtzGrV2FxwnUMz_Ik0J4TgpIsFCCfk6TnX"}
     ```

  4. Run demo:

     ```
     cd ./demos/auth-express
     docker compose up
     ```
  5. Get the error listed below

```
worker-1  | using s3 store
server-1  | using s3 store
worker-1  |
demo-1    | Express Demo Auth server listening on port 5173
server-1  |
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
```


**Expected behavior**
Build the project using the Quick Start guide.

**Environment Information**

```
"dependencies": {
  "lib0": "^0.2.93",
  "redis": "^4.6.12",
  "uws": "github:uNetworking/uWebSockets.js#v20.40.0",
  "yjs": "^13.5.6"
},
"optionalDependencies": {
  "postgres": "^3.4.3",
  "minio": "^7.1.3"
},
"engines": {
  "npm": ">=8.0.0",
  "node": ">=20.0.0"
},
"devDependencies": {
  "@codemirror/lang-javascript": "^6.2.2",
  "@codemirror/state": "^6.4.1",
  "@codemirror/view": "^6.24.1",
  "@rollup/plugin-commonjs": "^25.0.7",
  "@rollup/plugin-node-resolve": "^15.2.3",
  "@types/node": "^20.11.5",
  "@types/ws": "^8.5.10",
  "codemirror": "^6.0.1",
  "concurrently": "^8.2.2",
  "rollup": "^4.12.0",
  "standard": "^17.1.0",
  "typescript": "^5.3.3",
  "ws": "^8.16.0",
  "y-codemirror.next": "^0.3.2",
  "y-websocket": "^2.0.0"
}
```

```
docker version
Client:
 Cloud integration: v1.0.35+desktop.5
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        afdd53b
 Built:             Thu Oct 26 09:04:20 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.26.1 (131620)
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       311b9ff
  Built:            Thu Oct 26 09:08:15 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.25
  GitCommit:        d8f198a4ed8892c764191ef7b3b06d8a2eeb5c7f
 runc:
  Version:          1.1.10
  GitCommit:        v1.1.10-0-g18a0cb0
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```


**Additional context**
1. I tried running the demo in separate terminals after installing redis using the following commands as per the full setup guide:

```
docker run -p 6379:6379 redis
docker run -p 9000:9000 -p 9001:9001 quay.io/minio/minio server /data --console-address ":9001"
npm run start:server
npm run start:worker
```

And then running the demo

```
cd demos/auth-express
npm i
npm start
```

In one of the attempts I got a different JWT error from the server - Expired JWT in addition to Invalid JWT:

```
Failed to auth to endpoint /y-redis-demo-app Error: Expired JWT
    at Module.verifyJwt (file:///Users/naydenoff/dev/y-red-dve/y-redis/node_modules/lib0/crypto/jwt.js:51:11)
    at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/server.js:57:38)
    at async upgrade (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/ws.js:117:50)
Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
    at Module.verifyJwt (file:///Users/naydenoff/dev/y-red-dve/y-redis/node_modules/lib0/crypto/jwt.js:47:11)
    at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/server.js:57:38)
```


2. In a separate application I tried authenticating using lib0 with the token that I logged from y-redis-demo-app, and it wasn't marked as invalid or expired.

dmonad commented 5 months ago

Hi @naydenoff,

I believe that you got these warnings because you had an "old" client connected.

Auth tokens expire in ~1 hour. If the warning says that the token is expired, then it means that a client generated an auth token ~1h before. The client never reloaded and still uses an expired token.

I extended the demo to update the auth token in regular intervals. This is how it should be done in practice.

If the server wasn't able to verify the token, then it could mean that the public/private key changed. Maybe you regenerated the keypair while developing?

Let me know if the latest release fixes the issue.

naydenoff commented 5 months ago

Hi @dmonad

Thanks for the comment (sorry for the slow reply, I didn't get a notification). Yes, I think at one point I regenerated the keys to try to make it work; however, I'm sure I did several more "fresh start" tries.

Tried cloning and running the project again but I still got the Invalid JWT issue:

```
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
```

Before running it, I cleared out any old files and containers, and started over from a clean slate, strictly following the readme.

I've recorded a 2 min video showing the terminal input and output, the IDE and the docker client just for a reference. https://github.com/yjs/y-redis/assets/77293029/9c92e06a-1b9b-475e-a37f-6e5a776b89de

What am I doing wrong? I feel like there's little room for error, am I missing something?