Docker hasura garphql Auth0: Error Could not verify JWT: JWSError JWSInvalidSignature

[RKARaj]

I have followed: https://www.youtube.com/watch?v=kHCLQEKjdnI
For my testing app I am using Docker hasura garphql and For Authorization: Auth0
When I am using https://hasura.io/jwt-config, I am getting JWT Config value with type "type": "RS512".
But the id_token received from Auth0, is of type {"typ": "JWT","alg": "RS256"}

When I tried to use the id_token generated by Auth0 in HasuraConsole(http://localhost:8080/console/) with Authorization header, I am always getting Error: "Could not verify JWT: JWSError JWSInvalidSignature"
{
"errors": [
{
"extensions": {
"path": "$",
"code": "invalid-jwt"
},
"message": "Could not verify JWT: JWSError JWSInvalidSignature"
}
]
}

tried all closed ticket solutions which is NOT Working. Can you please help on this issue.

[praveenweb]

Hi @RKARaj - Since you are using Hasura with local docker, this should most likely be an issue with environment variable HASURA_GRAPHQL_JWT_SECRET not being set right. If you have a docker-compose setup, you need to make sure to wrap the value in a single quote.

Also you can verify the token generated from Auth0 using https://jwt.io/#debugger-io or even using Hasura Console.

[RKARaj]

thank you for the response Praveen. I already tried the solution as you mentioned above, which is why I raised it as an issue. In the documentation to do this, something might be missing I believe, I might be wrong. Because certificate 'HASURA_GRAPHQL_JWT_SECRET' is failed to do "Signature Verified". so always ("message": "Could not verify JWT: JWSError JWSInvalidSignature")

[TejasQ]

I'm currently struggling with this too and can't seem to figure out why.

For me, everything works locally, but the same docker-compose file does not work on AWS EC2. Not sure why.

Update: False alarm. Turns out my vim showed me incorrect characters on the config in the EC2 docker-compose file.

[tirumaraiselvan]

@RKARaj Are there any docs you can point to show what type of id_token is generated in auth0 ? Is there a way to configure this, say to RS512 ?

Anyway, have you tried changing the type to type: RS256 in the output of https://hasura.io/jwt-config and then setting the environment variable HASURA_GRAPHQL_JWT_SECRET ?

[praveenweb]

Closing this. This is typically a configuration issue for the HASURA_GRAPHQL_JWT_SECRET variable used.

With Auth0 support for jwk_url fixed, this shouldn't be an issue. Tracking docs update for this here #4847