hasura-backend-plus icon indicating copy to clipboard operation
hasura-backend-plus copied to clipboard

Published 20 hours ago • verified publisher icon nhost

Wait loop when using JWKS

Open SVerkuil opened this issue 3 years ago • 2 comments

Describe the bug When using JWKS hasura-backend-plus will wait with starting until hasura (graphql-engine) is ready. But graphql-engine will never become ready because it will wait for the JWKS endpoint of hasura-backend-plus to become ready first.

To Reproduce Steps to reproduce the behavior:

  1. Create environment using provided docker compose
  2. Change graphql-engine to use JWKS HASURA_GRAPHQL_JWT_SECRET: '{"type": "RS256", "jwk_url": "http://hasura-backend-plus:3000/auth/jwks"}'
  3. Observe logs of hasura-backend-plus (crash loop) and graphql-engine (crash on JWKS)

Expected behavior The hasura-backend-plus application should expose JWKS endpoint on app startup even if Hasura is not ready

Additional context hasura-backend-plus 2.6.1 works fine, JWKS api is broken in 2.7.1

SVerkuil avatar Jul 20 '21 11:07 SVerkuil

This can also happen on 2.6.1, if one container was stopped or recreated, it's impossible to sync them again.

pk992 avatar Jul 29 '21 15:07 pk992

second that. I'm trying to automate deployment using ansible. The way to work around this is

  • startup hasura (and hbp) excluding the config setting HASURA_GRAPHQL_JWT_SECRET
  • after hbp is listening ( e.g. do a docker-compose logs -f hbp) restart the hasura service with docker-compose up -d this time with HASURA_GRAPHQL_JWT_SECRET properly set

my docker images are:

    image: hasura/graphql-engine:v2.0.3.cli-migrations-v3
    image: nhost/hasura-backend-plus:latest

paulbalomiri avatar Aug 09 '21 16:08 paulbalomiri