[Bug/Enhancement] Cache the random HMAC_KEY #3540
Comments
|
Just set the HMAC_KEY in the config file and you won't have any issue anymore: https://github.com/iv-org/invidious/blob/master/config/config.example.yml#L465 |
|
@unixfox the problem is not an instance I control, it's instances under https://docs.invidious.io/instances/ |
|
Then send a message to each instance maintainer to set this value, I'll add that in the docs though. All the maintainers have opened an issue here so feel free to ping them here: https://github.com/iv-org/documentation/issues EDIT: I did ping all the maintainers in the github issues. wait and see |
unixfox
added
question
|
@unixfox Kinda stumbling on this issue again (iBicha/playlet#77) I really think this is a simple change that we can introduce to Invidious that persists the randomly generated key in the case it was not manually configured. Saving it to a file in a known location and checking it later is fine. And there isn't a good way to know if an instance if properly configured or not, until it starts randomly failing to maintain sessions, or to authorize tokens. |
|
No there is no easy way to cache the hmac key. Instead we can introduce a way to display in the API if the hmac key is set and then you can use it in your app. This also will help us deny or accept the new public instances if the hmac key is missing or not. If you are interested and the solution is good for you. You can either submit a PR with this new change or create an issue for tracking the feature request. |
Are you saying there's an easy way, or no easy way to cache the key? |
|
I've edited my last comment. |
iv-org/invidious#3854 iv-org/invidious#3540 Signed-off-by: Jakub Sokołowski <jakub@status.im>
Is your enhancement request related to a problem? Please describe.
I noticed that in a lot of instances, tokens stop working ("Invalid signature")
I investigated a bit, and I noticed that if HMAC_KEY will be random after reach restart, if it was not configured.
This means that all tokens will be immediately invalid after each restart.
This is strange, since it is recommended from people who host Invidious to restart often.
Describe the solution you'd like
I would like to have the HMAC_KEY (the randomly generated one -
HMAC_KEY = CONFIG.hmac_key || Random::Secure.hex(32)) to be cached between restarts, so that tokens do not randomly stop working.If we do not want to do that for some reason, then this config should be mandatory (e.g. invidious would not start without it - but that's an overkill probably)
Describe alternatives you've considered
I do not see any other way to prevent tokens from going invalid.
Additional context
This is not for the web frontend, this is for another app (Playlet) so we're using the token not the cookie. For that reason, it's important to keep the token alive. This has been a blocker and painful to find the account logged out every time.
The text was updated successfully, but these errors were encountered: