Failing to create new user: Missing JWT signing secret

BigSpaces · October 18, 2023, 6:38pm

Hello there!

I am trying to create a user. Creation fails from both the admin dashboard, as well as the /register route

This is the error message in the console:

** (Ash.Error.Unknown) Unknown Error

Context: resolving data on perform Memento.Accounts.User.register_with_password
* Context: resolving data on perform Memento.Accounts.User.register_with_password

** (RuntimeError) Missing JWT signing secret. Please see the documentation for `AshAuthentication.Jwt` for details
  (ash_authentication 3.11.15) lib/ash_authentication/jwt/config.ex:150: AshAuthentication.Jwt.Config.token_signer/2
  (ash_authentication 3.11.15) lib/ash_authentication/jwt.ex:111: AshAuthentication.Jwt.token_for_user/3
  (ash_authentication 3.11.15) lib/ash_authentication/generate_token_change.ex:37: AshAuthentication.GenerateTokenChange.generate_token/3
  (ash_authentication 3.11.15) lib/ash_authentication/generate_token_change.ex:19: anonymous fn/4 in AshAuthentication.GenerateTokenChange.change/3
  (ash 2.15.19) lib/ash/changeset/changeset.ex:2221: anonymous fn/2 in Ash.Changeset.run_after_actions/3

I have followed the authentication tutorial from the getting started guide.

This is my User resource:

defmodule Memento.Accounts.User do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [AshAuthentication]

  attributes do
    uuid_primary_key :id
    attribute :email, :ci_string, allow_nil?: false
    attribute :hashed_password, :string, allow_nil?: false, sensitive?: true
  end

  authentication do
    api Memento.Accounts

    strategies do
      password :password do
        identity_field :email
        sign_in_tokens_enabled? true
      end
    end

    tokens do
      enabled? true
      token_resource Memento.Accounts.Token

      signing_secret fn _, _ ->
        Application.fetch_env(:my_app, :token_signing_secret)
      end
    end
  end

  postgres do
    table "users"
    repo Memento.Repo
  end

  identities do
    identity :unique_email, [:email]
  end


end

I appreciate any guidance you can provide to solve this one.

BigSpaces

zachdaniel · October 18, 2023, 6:39pm

You should drop in an IO.inspect on the result of Application.fetch_env there. It is likely returning :error, and its probably returning that because your otp app isn’t called :my_app.

BigSpaces · October 18, 2023, 7:46pm

Newbie moment there

Still, after changing the name of the app, and dropping the IO.inspect, the error persists…

The IO.inspect is marked with the label Token Signing Secret below

Token Signing Secret: :error
[debug] QUERY OK db=1.0ms
INSERT INTO "users" ("id","email","hashed_password") VALUES ($1,$2,$3) RETURNING "hashed_password","email","id" ["2c6b67e6-f447-415e-aea4-d8539f4090ad", #Ash.CiString<"test@test.test">, "$2b$12$hly2tONsaSllVWzov8N8J.7ll8yTJ7wkIhiOD9ATSBr1Yn/9Av/nO"]
↳ AshPostgres.DataLayer.bulk_create/3, at: lib/data_layer.ex:1234
[debug] QUERY OK db=0.4ms
rollback []
↳ anonymous fn/3 in Ash.Changeset.with_hooks/3, at: lib/ash/changeset/changeset.ex:1764
[error] GenServer #PID<0.16977.0> terminating
** (Ash.Error.Unknown) Unknown Error

Context: resolving data on perform Memento.Accounts.User.register_with_password
* Context: resolving data on perform Memento.Accounts.User.register_with_password

** (RuntimeError) Missing JWT signing secret. Please see the documentation for `AshAuthentication.Jwt` for details

Where can I look next?

Appreciate your help!

zachdaniel · October 18, 2023, 7:59pm

That configuration is not present. Do you have config :your_app_name, :token_sigining_secret somewhere in your config?

BigSpaces · October 18, 2023, 8:06pm

No I don’t! Where should I have that configuration? In the user resource, or in config.exs? I cannot find the reference to how to configure this in the Getting Started guide. Maybe I missed it or simply don’t know where to find it…

zachdaniel · October 18, 2023, 8:13pm

It would be in config.exs (or in the environment specific ones).

We use the secret_key_base for it in ash_hq. If its not in the guide we should put it there for sure, at least a reference that it should be set ash_hq/config/dev.exs at bdaba672c29d179d9f19c848b38c3b4ce23a177b · ash-project/ash_hq · GitHub

BigSpaces · October 18, 2023, 8:35pm

Thanks a million Zach,

I created a secret_key_base and added the config :memento, token_signing_secret: secret_key_base in config.exs. I can now register new users.

I still hit some trouble in the admin dashboard, like not being able to sign in through Sign In With Token For Password (authentication failed)

If I attempt to login by user and password (through the dashboard), I get the following error in the console:

[warning] Error while loading record on admin dashboard
: ** (Ash.Error.Invalid) Input Invalid

* argument token is required
  (ash 2.15.19) lib/ash/query/query.ex:499: anonymous fn/2 in Ash.Query.require_arguments/2
  (elixir 1.15.4) lib/enum.ex:2510: Enum."-reduce/3-lists^foldl/2-0-"/3
  (ash 2.15.19) lib/ash/query/query.ex:437: Ash.Query.for_read/4
  (ash_admin 0.9.5) lib/ash_admin/pages/page_live.ex:233: AshAdmin.PageLive.handle_params/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/utils.ex:462: anonymous fn/5 in Phoenix.LiveView.Utils.call_handle_params!/5
  (telemetry 1.2.1) /home/bigspaces/MyGit/mementojon/memento/deps/telemetry/src/telemetry.erl:321: :telemetry.span/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:547: Phoenix.LiveView.Channel.maybe_call_mount_handle_params/4
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:1129: Phoenix.LiveView.Channel.verified_mount/8
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:84: Phoenix.LiveView.Channel.handle_info/2
  (stdlib 5.0.2) gen_server.erl:1077: :gen_server.try_handle_info/3
  (stdlib 5.0.2) gen_server.erl:1165: :gen_server.handle_msg/6
  (stdlib 5.0.2) proc_lib.erl:241: :proc_lib.init_p_do_apply/3

or trying to list my users through the dashboard and getting this message: * expected at most one result but got at least 2 in query: #Ash.Query<resource: Memento.Accounts.User, limit: 1000, select: [:id, :email, :hashed_password]>

If I attempt any actions with tokens, the page crashes and I get the error: Invalid value provided for jti: At least one of `jti` or `token` arguments must be present.

I am very new to this so surely I am missing 20 moving pieces. I will tackle that tomorrow after looking at your video tutorial on the admin dashboard.

Thanks a million for your great support today. Looking forward to getting the hang of Ash!

zachdaniel · October 18, 2023, 10:46pm

Hmm…a lot of weird sounding things there. I think we’d need to split them up and open some issues for them.

BigSpaces · October 19, 2023, 2:22pm

Thanks @zachdaniel

I have started with my first concern: signing in as a user from the admin dashboard.

Thanks in advance!