Hasura Graphql JWT Issue

Question

I have deployed my Hasura Engine which is running inside a docker in a Linux server. And I have developed my jwt token auth code using nodeJs.

The problem is while adding the token to my Hasura API end point I am getting the below error:

  {
            "extensions": {
                "code": "invalid-jwt",
                "path": "$"
            },
            "message": "Could not verify JWT: JWTIssuedAtFuture"
        }

I have given the token expiration time to 120000(2 Minutes). And After 2 mins I don't get the above error, instead, I do get the proper response from the API.

What I am confused about is why I am getting the correct responses in delay.

Note : The docker container time and the Linux server time are not similar. Is that the issue?

Answer 1

The error clearly says that your generated JWT issued time is far ahead than your Hasura Docker Container.

At first try to find out the time difference from the container log. After figuring out the time difference then do subtract that time from the current time.

Finally put that subtracted time (must be in seconds) into your JWT logic. code.

  iat: subtractedTime

Answer 2

adding allowed_skew to the JWT issuer fixes it.

example my docker-compose.yml for Hasura: Note: Avoid this for production. link for reference

HASURA_GRAPHQL_JWT_SECRET: '{"jwk_url":"JWT_ISSUER_URL/api/auth/jwt/jwks.json", "allowed_skew": 86400}'