Hasura Auth Clarifications

I have 2 things which I would like to confirm before moving forward with the workaround I have in mind.

  1. When using JWT Auth with the HS256 algorithm, I have a key which is less than 32 characters in length. I'm getting this error - "Error in $: Invalid JWK: Key size too small; should be at least 32 characters". So is this a hard requirement? Or is there any trick to change this into a warning instead of an error?

  2. Is it possible for us to customise the Hasura Console authentication from admin secret to, let's say, SSO or anything?

There are 1 best solutions below

For the first one, yes, it is a hard requirement. You can read more about it in RFC 7518:

A key of the same size as the hash output (for instance, 256 bits for "HS256") or larger MUST be used with this algorithm. (This requirement is based on Section 5.3.4 (Security Effect of the HMAC Key) of NIST SP 800-117 [NIST.800-107], which states that the effective security strength is the minimum of the security strength of the key and two times the size of the internal hash value.)
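
A pre-flight check for the key-size rule quoted above, as an added example (not part of the original answer and not Hasura's own validation code). It assumes the secret is supplied in Hasura's `{"type": ..., "key": ...}` JSON form and measures the key as UTF-8 bytes; the function names, the distinct-character heuristic and the sample values are made up for illustration.

```python
import json
import secrets

# Minimum HMAC key sizes in bytes: RFC 7518 section 3.2 requires a key at
# least as large as the hash output (256 bits for HS256, and so on).
MIN_KEY_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}

# Constructed sample configs, not real secrets.
SHORT_SECRET = '{"type": "HS256", "key": "constructed-short-key"}'
PADDED_SECRET = json.dumps({"type": "HS256", "key": "a" * 32})


def check_jwt_secret(config_json):
    """Return a list of problems found in a JWT secret config (empty if OK)."""
    cfg = json.loads(config_json)
    alg = cfg.get("type")
    key = cfg.get("key", "")
    if alg not in MIN_KEY_BYTES:
        return [f"not an HMAC algorithm covered by this check: {alg!r}"]
    problems = []
    size = len(key.encode("utf-8"))
    if size < MIN_KEY_BYTES[alg]:
        problems.append(
            f"{alg} key is {size} bytes; RFC 7518 requires at least "
            f"{MIN_KEY_BYTES[alg]}"
        )
    # Heuristic (assumption of this example): length alone does not make a
    # key strong. A padded passphrase passes the size check but carries
    # little entropy, so padding a short key is not a real fix.
    if key and len(set(key)) < 8:
        problems.append("key uses very few distinct characters")
    return problems


def new_jwt_secret(alg="HS256"):
    """Build a config with a fresh random key of the required strength."""
    # token_hex(n) draws n random bytes and returns them as 2*n hex
    # characters, so the string clears the minimum length and carries
    # n bytes of entropy.
    key = secrets.token_hex(MIN_KEY_BYTES[alg])
    return json.dumps({"type": alg, "key": key})


if __name__ == "__main__":
    for label, cfg in [("short", SHORT_SECRET), ("padded", PADDED_SECRET),
                       ("generated", new_jwt_secret())]:
        print(label, check_jwt_secret(cfg) or "OK")
```

Any service that verifies the tokens has to be switched to the new key at the same time, since tokens signed with the old key stop validating.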