https://supertokens.com/ logo
Join Discord
Powered by
My hasura server cannot access the jwk.json file. ...
# support-questions
c
My hasura server cannot access the jwk.json file. It says blocked by cors. Am I supposed to whitelist the auth domain also? I added dynamic domains in cors.
Copy code
{
  "type": "startup",
  "timestamp": "2022-07-01T15:17:06.143+0000",
  "level": "info",
  "detail": {
    "kind": "server_configuration",
    "info": {
      "live_query_options": {
        "batch_size": 100,
        "refetch_delay": 1
      },
      "transaction_isolation": "ISOLATION LEVEL READ COMMITTED",
      "enable_maintenance_mode": false,
      "enabled_log_types": [
        "http-log",
        "websocket-log",
        "startup",
        "webhook-log"
      ],
      "server_host": "HostAny",
      "websocket_connection_init_timeout": "WSConnectionInitTimeout {unWSConnectionInitTimeout = Seconds {seconds = 3s}}",
      "enable_allowlist": false,
      "remote_schema_permissions": false,
      "log_level": "info",
      "auth_hook_mode": null,
      "use_prepared_statements": true,
      "unauth_role": "anonymous",
      "stringify_numeric_types": false,
      "v1-boolean-null-collapse": true,
      "graceful_shutdown_timeout": 60,
      "enabled_apis": [
        "metadata",
        "graphql",
        "config",
        "pgdump"
      ],
      "enable_telemetry": true,
      "enable_console": true,
      "auth_hook": null,
      "infer_function_permissions": true,
      "experimental_features": [],
      "enable_metadata_query_logging": false,
      "events_fetch_batch_size": 100,
      "jwt_secret": [
        {
          "audience": null,
          "claims_format": "json",
          "claims_namespace": "https://hasura.io/jwt/claims",
          "header": null,
          "jwk_url": "https://auth-domain/auth/jwt/jwks.json",
          "issuer": null
        }
      ],
      "cors_config": {
        "allowed_origins": "*",
        "disabled": false,
        "ws_read_cookie": null
      },
      "websocket_compression_options": "NoCompression",
      "console_assets_dir": null,
      "admin_secret_set": true,
      "port": 17930,
      "websocket_keep_alive": "KeepAliveDelay {unKeepAliveDelay = Seconds {seconds = 5s}}"
    }
  }
}
This are logs from my hasura staging env
Production is fine
r
that's weird. It shouldn't be blocked by CORS since Hasura should just send a GET request to it
Can I see a screenshot of the error?
c
I send it to you in a PM
r
This seems like a CORS package issue.
Maybe it will help
c
IS this useful also? I dont fully understand it https://github.com/expressjs/cors/pull/175
r
Im not sure.
Probably open an issue on their lib
c
I am using 
.split(", ");
to get an array from an env var
r
Consider printing out what domains you are setting
Im pretty sure it’s some input issue to the CORS lib
c
Is node 18 related?
r
I doubt it
What does your CORS lib usage look like?
I see. Can you make the cors not be dynamic and add the right URLs for your staging server just to see that it works that way. This way, we know that the issue for sure is to do with the function you implemented
c
I did and I still have the issue
I now can access the jwks.json file from browser
r
Right. So hasura should work too
And if you change it back to the dynamic conf, it stops working again?
c
MAde it work. Did many things like downgrading hasura to v2.8.0 and removing the custom domain (which I added after this problem)
r
Hmmm. Fair enough. This is quite strange indeed. But good to know
c
Also the auth app is still using the dynamic origins in cors
r
Hmmm. And that’s working?
c
It crashed again today, reverted back to static origin and worked. So that was the cause in the end..
r
Hmmm. Ok fair
c
@rp our staging hasura server crashed again. This time i had just an array in the origin.
Copy code
{
  "type": "jwk-refresh-log",
  "timestamp": "2022-07-05T16:18:14.975+0000",
  "level": "critical",
  "detail": {
    "error": {
      "http_exception": {
        "type": "http_exception",
        "message": "Response timeout",
        "request": {
          "secure": true,
          "path": "/auth/jwt/jwks.json",
          "responseTimeout": "ResponseTimeoutDefault",
          "queryString": "",
          "method": "GET",
          "requestHeaders": {
            "Content-Type": "application/json",
            "X-B3-ParentSpanId": "718481ff787b5cf6",
            "X-B3-TraceId": "e7f9c5f457b94921",
            "X-B3-SpanId": "bcf184352b6c3d65",
            "User-Agent": "hasura-graphql-engine/v2.8.3"
          },
          "host": "staging-auth.ourDomain.com",
          "port": 443
        }
      }
    },
    "message": null
  }
}
r
hmm. And it crashes just during this API call?
c
Yes it tries to get the JWK, receives no response, and then crashes
r
Yea. If you use the key string, it won't need to query the JWKS URL
But it shouldn't crash like this when it queries the API 🤔
What is crashing exactly? Your backend process? Or the supertokens-core?
c
The Hasura server is crashing, which is hosted in heroku. And only the staging server, which goes idle much often
Also I am fetching the jwks.json from my auth api as described in the docs. Not directly from supertokens-core. Is this correct?
r
yes. that is correct
it's really strange that this is happening
no other API has this behaviour?
c
Afaik no. Hasura is the only api we use
r
right. It could be an issue not related to supertokens, just the way the process is setup
c
I ll try the string tomorrow. That's what I jad before moving to supertokens
r
Yea. That can work too
But this might hint at a deeper problem with how the process is being run on the server
c
In the docs it says to get the keys from supertokens core, are the keys from our auth server jwks.json the same?
Ok I ll also post on Hasura
r
Yes. They are the same
the api server just queries the core to get them
> Ok I ll also post on Hasura I don't think the issue is to do with Hasura, but rather how the api process is being run on the server
Something about being idle makes it unresponsive
c
I changed to a key string. I ll let you know if it happens again.
PreviousNext
Powered by