Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT

[naydenoff]

Describe the bug
Invalid JWT after issuing keys and running the docker as per the guide.

To Reproduce
Steps to reproduce the behavior:

1. Follow the Quick Start guide here - https://github.com/yjs/y-redis/tree/master?tab=readme-ov-file#quick-start-docker-compose
2. Run the following commands
   git clone https://github.com/yjs/y-redis.git
cd y-redis
npm i
cp .env.docker.template .env
npx 0ecdsa-generate-keypair --name auth >> .env
3. Here's how the .env looked like after running:

# This is a simple configuration to get this running using docker compose.

REDIS=redis://redis:6379

S3_ENDPOINT=minio
S3_PORT=9000
S3_SSL=false
S3_ACCESS_KEY=minioadmin
S3_SECRET_KEY=minioadmin

AUTH_PERM_CALLBACK=http://demo:5173/auth/perm
YDOC_UPDATE_CALLBACK=http://demo:5173/ydoc

LOG=* # log everything

## Generate the auth tokens with `npx 0ecdsa-generate-keypair --name auth >> .env

AUTH_PUBLIC_KEY={"key_ops":["verify"],"ext":true,"kty":"EC","x":"mI2DWTzk2Xxwzng07DK2TmAAXccw0L-SOji1MPbbJxagxOhr5IZlSP2THq3pe4Qy","y":"qaWkkuHq_Xbw64cRHsdZkF1W7QJtYoYa2K-dgclZlIm0Zv4EjeZM1Ql3RmiBqgP1","crv":"P-384"}
AUTH_PRIVATE_KEY={"key_ops":["sign"],"ext":true,"kty":"EC","x":"mI2DWTzk2Xxwzng07DK2TmAAXccw0L-SOji1MPbbJxagxOhr5IZlSP2THq3pe4Qy","y":"qaWkkuHq_Xbw64cRHsdZkF1W7QJtYoYa2K-dgclZlIm0Zv4EjeZM1Ql3RmiBqgP1","crv":"P-384","d":"5NefOVtM_NOxH5Chq5EvqZ_wyc_OueXtzGrV2FxwnUMz_Ik0J4TgpIsFCCfk6TnX"}

4. Run demo:
   cd ./demos/auth-express
docker compose up
5. Get the error listed below

worker-1  | using s3 store
server-1  | using s3 store
worker-1  |
demo-1    | Express Demo Auth server listening on port 5173
server-1  |
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)

Expected behavior
Build the project using the Quick Start guide.

Environment Information

"dependencies": {
    "lib0": "^0.2.93",
    "redis": "^4.6.12",
    "uws": "github:uNetworking/uWebSockets.js#v20.40.0",
    "yjs": "^13.5.6"
  },
  "optionalDependencies": {
    "postgres": "^3.4.3",
    "minio": "^7.1.3"
  },
  "engines": {
    "npm": ">=8.0.0",
    "node": ">=20.0.0"
  },
  "devDependencies": {
    "@codemirror/lang-javascript": "^6.2.2",
    "@codemirror/state": "^6.4.1",
    "@codemirror/view": "^6.24.1",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/node": "^20.11.5",
    "@types/ws": "^8.5.10",
    "codemirror": "^6.0.1",
    "concurrently": "^8.2.2",
    "rollup": "^4.12.0",
    "standard": "^17.1.0",
    "typescript": "^5.3.3",
    "ws": "^8.16.0",
    "y-codemirror.next": "^0.3.2",
    "y-websocket": "^2.0.0"
  }

docker version
Client:
 Cloud integration: v1.0.35+desktop.5
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        afdd53b
 Built:             Thu Oct 26 09:04:20 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.26.1 (131620)
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       311b9ff
  Built:            Thu Oct 26 09:08:15 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.25
  GitCommit:        d8f198a4ed8892c764191ef7b3b06d8a2eeb5c7f
 runc:
  Version:          1.1.10
  GitCommit:        v1.1.10-0-g18a0cb0
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Additional context

1. I tried running the demo in separate terminals after installing redis using the following commands as per the full setup guide:

docker run -p 6379:6379 redis
docker run -p 9000:9000 -p 9001:9001 quay.io/minio/minio server /data --console-address ":9001"
npm run start:server
npm run start:worker

And then running the demo

cd demos/auth-express
npm i
npm start

In one of the attempts I got a different JWT error from the server - Expired JWT in addition to Invalid JWT:

Failed to auth to endpoint /y-redis-demo-app Error: Expired JWT
    at Module.verifyJwt (file:///Users/naydenoff/dev/y-red-dve/y-redis/node_modules/lib0/crypto/jwt.js:51:11)
    at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/server.js:57:38)
    at async upgrade (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/ws.js:117:50)
Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
    at Module.verifyJwt (file:///Users/naydenoff/dev/y-red-dve/y-redis/node_modules/lib0/crypto/jwt.js:47:11)
    at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/server.js:57:38)

2. In a separate application I tried authenticating using lib0 with the token that I logged from y-redis-demo-app, and it wasn't marked as invalid or expired.

[dmonad]

Hi @naydenoff ,

I believe that you got these warnings because you had an "old" client connected.

Auth tokens expire in ~1 hour. If the warning says that the token is expired, then it means that a client generated an auth token ~1h before. The client never reloaded and still uses an expired token.

I extended the demo to update the auth token in regular intervals. This is how it should be done in practice.

If the server wasn't able to verify the token, then it could mean that the public/private key changed. Maybe you regenerated the keypair while developing?

Let me know if the latest release fixes the issue.

[naydenoff]

Hi @dmonad

Thanks for the comment (sorry for the slow reply, I didn't get a notification).
Yes, I think at one point I regenerated the keys to try to make it work, however, I'm sure I several more "fresh start' tries.

Tried cloning and running the project again but I still got the Invalid JWT issue:

server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50) 

Before running it, I cleared out any old files, containers, and start over from a clean slate, strictly following the readme.

I've recorded a 2 min video showing the terminal input and output, the IDE and the docker client just for a reference.
https://github.com/yjs/y-redis/assets/77293029/9c92e06a-1b9b-475e-a37f-6e5a776b89de

What am I doing wrong? I feel like there's little room for error, am I missing something?