
Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT

Open naydenoff opened this issue 1 year ago • 2 comments

Describe the bug

Invalid JWT after issuing keys and running the docker as per the guide.

To Reproduce

Steps to reproduce the behavior:

  1. Follow the Quick Start guide here - https://github.com/yjs/y-redis/tree/master?tab=readme-ov-file#quick-start-docker-compose
  2. Run the following commands:
git clone https://github.com/yjs/y-redis.git
cd y-redis
npm i
cp .env.docker.template .env
npx 0ecdsa-generate-keypair --name auth >> .env
  3. Here's what the .env looked like after running:
# This is a simple configuration to get this running using docker compose.

REDIS=redis://redis:6379

S3_ENDPOINT=minio
S3_PORT=9000
S3_SSL=false
S3_ACCESS_KEY=minioadmin
S3_SECRET_KEY=minioadmin

AUTH_PERM_CALLBACK=http://demo:5173/auth/perm
YDOC_UPDATE_CALLBACK=http://demo:5173/ydoc

LOG=* # log everything

## Generate the auth tokens with `npx 0ecdsa-generate-keypair --name auth >> .env

AUTH_PUBLIC_KEY={"key_ops":["verify"],"ext":true,"kty":"EC","x":"mI2DWTzk2Xxwzng07DK2TmAAXccw0L-SOji1MPbbJxagxOhr5IZlSP2THq3pe4Qy","y":"qaWkkuHq_Xbw64cRHsdZkF1W7QJtYoYa2K-dgclZlIm0Zv4EjeZM1Ql3RmiBqgP1","crv":"P-384"}
AUTH_PRIVATE_KEY={"key_ops":["sign"],"ext":true,"kty":"EC","x":"mI2DWTzk2Xxwzng07DK2TmAAXccw0L-SOji1MPbbJxagxOhr5IZlSP2THq3pe4Qy","y":"qaWkkuHq_Xbw64cRHsdZkF1W7QJtYoYa2K-dgclZlIm0Zv4EjeZM1Ql3RmiBqgP1","crv":"P-384","d":"5NefOVtM_NOxH5Chq5EvqZ_wyc_OueXtzGrV2FxwnUMz_Ik0J4TgpIsFCCfk6TnX"}
  4. Run demo:
cd ./demos/auth-express
docker compose up
  5. Get the error listed below:
worker-1  | using s3 store
server-1  | using s3 store
worker-1  |
demo-1    | Express Demo Auth server listening on port 5173
server-1  |
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)
server-1  | Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50)

Expected behavior

Build the project using the Quick Start guide.

Environment Information

"dependencies": {
    "lib0": "^0.2.93",
    "redis": "^4.6.12",
    "uws": "github:uNetworking/uWebSockets.js#v20.40.0",
    "yjs": "^13.5.6"
  },
  "optionalDependencies": {
    "postgres": "^3.4.3",
    "minio": "^7.1.3"
  },
  "engines": {
    "npm": ">=8.0.0",
    "node": ">=20.0.0"
  },
  "devDependencies": {
    "@codemirror/lang-javascript": "^6.2.2",
    "@codemirror/state": "^6.4.1",
    "@codemirror/view": "^6.24.1",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/node": "^20.11.5",
    "@types/ws": "^8.5.10",
    "codemirror": "^6.0.1",
    "concurrently": "^8.2.2",
    "rollup": "^4.12.0",
    "standard": "^17.1.0",
    "typescript": "^5.3.3",
    "ws": "^8.16.0",
    "y-codemirror.next": "^0.3.2",
    "y-websocket": "^2.0.0"
  }
docker version
Client:
 Cloud integration: v1.0.35+desktop.5
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        afdd53b
 Built:             Thu Oct 26 09:04:20 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.26.1 (131620)
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       311b9ff
  Built:            Thu Oct 26 09:08:15 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.25
  GitCommit:        d8f198a4ed8892c764191ef7b3b06d8a2eeb5c7f
 runc:
  Version:          1.1.10
  GitCommit:        v1.1.10-0-g18a0cb0
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Additional context

  1. I tried running the demo in separate terminals after installing redis using the following commands as per the full setup guide:
docker run -p 6379:6379 redis
docker run -p 9000:9000 -p 9001:9001 quay.io/minio/minio server /data --console-address ":9001"
npm run start:server
npm run start:worker

And then running the demo

cd demos/auth-express
npm i
npm start

In one of the attempts I got a different JWT error from the server - Expired JWT in addition to Invalid JWT:

Failed to auth to endpoint /y-redis-demo-app Error: Expired JWT
    at Module.verifyJwt (file:///Users/naydenoff/dev/y-red-dve/y-redis/node_modules/lib0/crypto/jwt.js:51:11)
    at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/server.js:57:38)
    at async upgrade (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/ws.js:117:50)
Failed to auth to endpoint /y-redis-demo-app Error: Invalid JWT
    at Module.verifyJwt (file:///Users/naydenoff/dev/y-red-dve/y-redis/node_modules/lib0/crypto/jwt.js:47:11)
    at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///Users/naydenoff/dev/y-red-dve/y-redis/src/server.js:57:38)
  2. In a separate application I tried authenticating using lib0 with the token that I logged from y-redis-demo-app, and it wasn't marked as invalid or expired.

naydenoff, May 09 '24 13:05

Hi @naydenoff ,

I believe that you got these warnings because you had an "old" client connected.

Auth tokens expire in ~1 hour. If the warning says that the token is expired, then it means that a client generated an auth token ~1h before. The client never reloaded and still uses an expired token.

I extended the demo to update the auth token in regular intervals. This is how it should be done in practice.

If the server wasn't able to verify the token, then it could mean that the public/private key changed. Maybe you regenerated the keypair while developing?

Let me know if the latest release fixes the issue.

dmonad, May 09 '24 18:05
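The two causes named in the comment above (an expired token held by a stale client, or a token signed with a different keypair than the server's AUTH_PUBLIC_KEY) can be told apart offline with Node's built-in crypto module. This is an added example, not y-redis or lib0 code; it assumes ES384 tokens with a millisecond `exp` claim, and `signJwt`, `triageJwt`, `sameKeyPair` and `newPair` are hypothetical helper names.

```javascript
// Added example: not y-redis or lib0 code. ES384 and a millisecond `exp` are assumptions.
const crypto = require('node:crypto')

const b64url = (v) => Buffer.from(v).toString('base64url')

// Sign a compact ES384 JWT; JWS uses the raw r||s (IEEE P1363) signature form.
function signJwt (privateKey, payload) {
  const data = `${b64url(JSON.stringify({ alg: 'ES384', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`
  const sig = crypto.sign('sha384', Buffer.from(data), { key: privateKey, dsaEncoding: 'ieee-p1363' })
  return `${data}.${b64url(sig)}`
}

// Classify a token against the public JWK the server was started with.
function triageJwt (token, publicJwk, nowMs = Date.now()) {
  const parts = token.split('.')
  if (parts.length !== 3) return 'malformed'
  let payload
  try {
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'))
  } catch { return 'malformed' }
  const key = crypto.createPublicKey({ key: publicJwk, format: 'jwk' })
  const ok = crypto.verify('sha384', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'))
  // Signature first: an unverified `exp` claim proves nothing.
  if (!ok) return 'key-mismatch-or-tampered'
  if (payload.exp != null && nowMs > payload.exp) return 'expired'
  return 'valid'
}

// True when the public and private JWKs from .env belong to the same EC key pair.
function sameKeyPair (publicJwk, privateJwk) {
  return ['crv', 'x', 'y'].every((f) => publicJwk[f] === privateJwk[f])
}

// Constructed sample data: two throwaway P-384 key pairs and one token.
function newPair () {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-384' })
  return { privateKey, pubJwk: publicKey.export({ format: 'jwk' }), privJwk: privateKey.export({ format: 'jwk' }) }
}
const first = newPair()
const regenerated = newPair() // stands in for a second keypair-generation run
const issuedAt = 1715260000000 // constructed timestamp in ms
const token = signJwt(first.privateKey, { sub: 'constructed-user', exp: issuedAt + 60 * 60 * 1000 })

console.log(triageJwt(token, first.pubJwk, issuedAt + 1000))
console.log(triageJwt(token, first.pubJwk, issuedAt + 2 * 60 * 60 * 1000))
console.log(triageJwt(token, regenerated.pubJwk, issuedAt + 1000))
console.log(sameKeyPair(first.pubJwk, first.privJwk))
```

To use it on a real setup, pass the token the client logged and the AUTH_PUBLIC_KEY value that the server process actually has in its environment, which may differ from the .env file the token issuer read.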

Hi @dmonad

Thanks for the comment (sorry for the slow reply, I didn't get a notification). Yes, I think at one point I regenerated the keys to try to make it work, however, I'm sure I made several more "fresh start" tries.

Tried cloning and running the project again but I still got the Invalid JWT issue:

server-1  |     at Module.verifyJwt (file:///usr/src/app/node_modules/lib0/crypto/jwt.js:47:11)
server-1  |     at async registerYWebsocketServer.redisPrefix.redisPrefix (file:///usr/src/app/src/server.js:51:36)
server-1  |     at async upgrade (file:///usr/src/app/src/ws.js:117:50) 

Before running it, I cleared out any old files and containers and started over from a clean slate, strictly following the readme.

I've recorded a 2 min video showing the terminal input and output, the IDE and the docker client just for reference. https://github.com/yjs/y-redis/assets/77293029/9c92e06a-1b9b-475e-a37f-6e5a776b89de

What am I doing wrong? I feel like there's little room for error, am I missing something?

naydenoff, May 11 '24 09:05