Getting an Error in $: not enough input error in my JWT auth token

[andywong418]

I'm getting an invalid jwt - Error in $: not enough input error when I try to curl my endpoint. Does anyone know what the issue might be? I'm using a HSA256 scheme.

[hgiasac]

@andywong418 what GraphQL Engine version do you use? This issue may be fixed on version 1.2 beta 4

[andywong418]

@hgiasac I think I'm on Hasura v1.1.1

[tirumaraiselvan]

@andywong418 Can you paste the token in https://jwt.io/ and see if it conforms to the spec Hasura expects: https://hasura.io/docs/1.0/graphql/manual/auth/authentication/jwt.html#the-spec

[andywong418]

@tirumaraiselvan { "sub": "USER_ID", "iat": 1587632091.513, "https://hasura.io/jwt/claims": { "x-hasura-allowed-roles": [ "mine", "user" ], "x-hasura-user-id": "USER_ID", "x-hasura-default-role": "user", "x-hasura-role": "user" } }

My user id is a uuid

[tirumaraiselvan]

@andywong418 Can you please confirm the Hasura version?

I am not able to repro this on v1.1.1

[andywong418]

@tirumaraiselvan yeah it is on Hasura v1.1.1

[tirumaraiselvan]

@andywong418 I tried to repro this with the exact same payload values and HS256 key configuration. It seemed to work fine.

Is it possible for you to launch a heroku instance where I can see the problem?

[andywong418]

@tirumaraiselvan could it be the UUID which is causing an issue?

[andywong418]

Do you mean creating a heroku instance with my existing schema?

[tirumaraiselvan]

Schema can be just minimal, but the HASURA_GRAPHQL_JWT_SECRET should be similar (maybe change the actual values a bit) and a sample token which throws the error.

[andywong418]

@tirumaraiselvan I have a database from scratch which is empty so I can just share the token I have now (and change config later). How should I share the details?

[andywong418]

@tirumaraiselvan I have a feeling it's because the types aren't compatible between a uuid and a string in Hasura and so it's telling me there's not enough input since x-hasura-user-id is invalid

[tirumaraiselvan]

@andywong418 Can you just share the token here?

[tirumaraiselvan]

Thanks @andywong418

The error has nothing to do with the JWT token but it is complaining of the actual data that has been posted. There is basically no operation that is given to the endpoint.

Try giving something like this, notice the data after the -d argument :

curl -X POST https://wondrous-hasura.herokuapp.com/v1/graphql -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJctODA1Ni1kZmZiMTc2YTg1NjciLCJuYW1lIjoiQW5kcm9zIFdvbmciLCJpYXQiOjE1ODc2NjE0OTMuMDc3LCJodHRwczovL2hhc3VyYS5pby9qd3QvY2xhaW1zIjp7IngtaGFzdXJhLWFsbG93ZWQtcm9sZXMiOlsibWluZSIsInVzZXIiXSwieC1oYXN1cmEtdXNlci1pZCI6IjJkZjk5ZmRkLWM4ZDctNDk1Ny04MDU2LWRmZmIxNzZhODU2NyIsIngtaGFzdXJhLWRlZmF1bHQtcm9sZSI6InVzZXIiLCJ4LWhhc3VyYS1yb2xlIjoidXNlciJ9fQ.PPY8qk40JIqoZKAmx6Wii2USYzKu1UyLfEIKTWWH_yo' -d'{"query": "query { __typename}"}

[andywong418]

Problem solved - @tirumaraiselvan I'd suggest in the docs https://hasura.io/docs/1.0/graphql/manual/auth/authentication/jwt.html that it should be explicitly mentioned that access control is necessary for roles like 'user' or 'editor' to work. The docs makes it seem like it's built in to Hasura and so no further setup is necessary. A link on the page to https://hasura.io/docs/1.0/graphql/manual/auth/authorization/roles-variables.html would have been helpful. Thanks!