https://supertokens.com/ logo
#support-questions
Title
# support-questions
c

constantinos

07/01/2022, 3:22 PM
My hasura server cannot access the jwk.json file. It says blocked by cors. Am I supposed to whitelist the auth domain also? I added dynamic domains in cors.
Copy code
{
  "type": "startup",
  "timestamp": "2022-07-01T15:17:06.143+0000",
  "level": "info",
  "detail": {
    "kind": "server_configuration",
    "info": {
      "live_query_options": {
        "batch_size": 100,
        "refetch_delay": 1
      },
      "transaction_isolation": "ISOLATION LEVEL READ COMMITTED",
      "enable_maintenance_mode": false,
      "enabled_log_types": [
        "http-log",
        "websocket-log",
        "startup",
        "webhook-log"
      ],
      "server_host": "HostAny",
      "websocket_connection_init_timeout": "WSConnectionInitTimeout {unWSConnectionInitTimeout = Seconds {seconds = 3s}}",
      "enable_allowlist": false,
      "remote_schema_permissions": false,
      "log_level": "info",
      "auth_hook_mode": null,
      "use_prepared_statements": true,
      "unauth_role": "anonymous",
      "stringify_numeric_types": false,
      "v1-boolean-null-collapse": true,
      "graceful_shutdown_timeout": 60,
      "enabled_apis": [
        "metadata",
        "graphql",
        "config",
        "pgdump"
      ],
      "enable_telemetry": true,
      "enable_console": true,
      "auth_hook": null,
      "infer_function_permissions": true,
      "experimental_features": [],
      "enable_metadata_query_logging": false,
      "events_fetch_batch_size": 100,
      "jwt_secret": [
        {
          "audience": null,
          "claims_format": "json",
          "claims_namespace": "https://hasura.io/jwt/claims",
          "header": null,
          "jwk_url": "https://auth-domain/auth/jwt/jwks.json",
          "issuer": null
        }
      ],
      "cors_config": {
        "allowed_origins": "*",
        "disabled": false,
        "ws_read_cookie": null
      },
      "websocket_compression_options": "NoCompression",
      "console_assets_dir": null,
      "admin_secret_set": true,
      "port": 17930,
      "websocket_keep_alive": "KeepAliveDelay {unKeepAliveDelay = Seconds {seconds = 5s}}"
    }
  }
}
This are logs from my hasura staging env
Production is fine
r

rp

07/01/2022, 3:26 PM
that's weird. It shouldn't be blocked by CORS since Hasura should just send a GET request to it
Can I see a screenshot of the error?
c

constantinos

07/01/2022, 3:32 PM
I send it to you in a PM
r

rp

07/01/2022, 3:40 PM
This seems like a CORS package issue.
Maybe it will help
c

constantinos

07/01/2022, 3:58 PM
IS this useful also? I dont fully understand it https://github.com/expressjs/cors/pull/175
r

rp

07/01/2022, 3:59 PM
Im not sure.
Probably open an issue on their lib
c

constantinos

07/01/2022, 3:59 PM
I am using
.split(", ");
to get an array from an env var
r

rp

07/01/2022, 4:00 PM
Consider printing out what domains you are setting
Im pretty sure it’s some input issue to the CORS lib
c

constantinos

07/01/2022, 4:10 PM
Is node 18 related?
r

rp

07/01/2022, 4:11 PM
I doubt it
What does your CORS lib usage look like?
I see. Can you make the cors not be dynamic and add the right URLs for your staging server just to see that it works that way. This way, we know that the issue for sure is to do with the function you implemented
c

constantinos

07/01/2022, 4:27 PM
I did and I still have the issue
I now can access the jwks.json file from browser
r

rp

07/01/2022, 4:42 PM
Right. So hasura should work too
And if you change it back to the dynamic conf, it stops working again?
c

constantinos

07/01/2022, 4:53 PM
MAde it work. Did many things like downgrading hasura to v2.8.0 and removing the custom domain (which I added after this problem)
r

rp

07/01/2022, 4:54 PM
Hmmm. Fair enough. This is quite strange indeed. But good to know
c

constantinos

07/01/2022, 4:55 PM
Also the auth app is still using the dynamic origins in cors
r

rp

07/01/2022, 4:55 PM
Hmmm. And that’s working?
c

constantinos

07/02/2022, 12:58 PM
It crashed again today, reverted back to static origin and worked. So that was the cause in the end..
r

rp

07/02/2022, 12:59 PM
Hmmm. Ok fair
c

constantinos

07/05/2022, 5:16 PM
@rp our staging hasura server crashed again. This time i had just an array in the origin.
Copy code
{
  "type": "jwk-refresh-log",
  "timestamp": "2022-07-05T16:18:14.975+0000",
  "level": "critical",
  "detail": {
    "error": {
      "http_exception": {
        "type": "http_exception",
        "message": "Response timeout",
        "request": {
          "secure": true,
          "path": "/auth/jwt/jwks.json",
          "responseTimeout": "ResponseTimeoutDefault",
          "queryString": "",
          "method": "GET",
          "requestHeaders": {
            "Content-Type": "application/json",
            "X-B3-ParentSpanId": "718481ff787b5cf6",
            "X-B3-TraceId": "e7f9c5f457b94921",
            "X-B3-SpanId": "bcf184352b6c3d65",
            "User-Agent": "hasura-graphql-engine/v2.8.3"
          },
          "host": "staging-auth.ourDomain.com",
          "port": 443
        }
      }
    },
    "message": null
  }
}
r

rp

07/05/2022, 5:20 PM
hmm. And it crashes just during this API call?
c

constantinos

07/05/2022, 5:28 PM
Yes it tries to get the JWK, receives no response, and then crashes
r

rp

07/05/2022, 6:03 PM
Yea. If you use the key string, it won't need to query the JWKS URL
But it shouldn't crash like this when it queries the API 🤔
What is crashing exactly? Your backend process? Or the supertokens-core?
c

constantinos

07/05/2022, 6:19 PM
The Hasura server is crashing, which is hosted in heroku. And only the staging server, which goes idle much often
Also I am fetching the jwks.json from my auth api as described in the docs. Not directly from supertokens-core. Is this correct?
r

rp

07/05/2022, 6:29 PM
yes. that is correct
it's really strange that this is happening
no other API has this behaviour?
c

constantinos

07/05/2022, 6:31 PM
Afaik no. Hasura is the only api we use
r

rp

07/05/2022, 6:31 PM
right. It could be an issue not related to supertokens, just the way the process is setup
c

constantinos

07/05/2022, 6:32 PM
I ll try the string tomorrow. That's what I jad before moving to supertokens
r

rp

07/05/2022, 6:32 PM
Yea. That can work too
But this might hint at a deeper problem with how the process is being run on the server
c

constantinos

07/05/2022, 6:33 PM
In the docs it says to get the keys from supertokens core, are the keys from our auth server jwks.json the same?
Ok I ll also post on Hasura
r

rp

07/05/2022, 6:35 PM
Yes. They are the same
the api server just queries the core to get them
> Ok I ll also post on Hasura I don't think the issue is to do with Hasura, but rather how the api process is being run on the server
Something about being idle makes it unresponsive
c

constantinos

07/06/2022, 5:45 AM
I changed to a key string. I ll let you know if it happens again.