Failing to create new user: Missing JWT signing secret

Hello there!

I am trying to create a user. Creation fails from both the admin dashboard, as well as the /register route

This is the error message in the console:

** (Ash.Error.Unknown) Unknown Error

Context: resolving data on perform Memento.Accounts.User.register_with_password
* Context: resolving data on perform Memento.Accounts.User.register_with_password

** (RuntimeError) Missing JWT signing secret. Please see the documentation for `AshAuthentication.Jwt` for details
  (ash_authentication 3.11.15) lib/ash_authentication/jwt/config.ex:150: AshAuthentication.Jwt.Config.token_signer/2
  (ash_authentication 3.11.15) lib/ash_authentication/jwt.ex:111: AshAuthentication.Jwt.token_for_user/3
  (ash_authentication 3.11.15) lib/ash_authentication/generate_token_change.ex:37: AshAuthentication.GenerateTokenChange.generate_token/3
  (ash_authentication 3.11.15) lib/ash_authentication/generate_token_change.ex:19: anonymous fn/4 in AshAuthentication.GenerateTokenChange.change/3
  (ash 2.15.19) lib/ash/changeset/changeset.ex:2221: anonymous fn/2 in Ash.Changeset.run_after_actions/3

I have followed the authentication tutorial from the getting started guide.

This is my User resource:

defmodule Memento.Accounts.User do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [AshAuthentication]

  attributes do
    uuid_primary_key :id
    attribute :email, :ci_string, allow_nil?: false
    attribute :hashed_password, :string, allow_nil?: false, sensitive?: true

  authentication do
    api Memento.Accounts

    strategies do
      password :password do
        identity_field :email
        sign_in_tokens_enabled? true

    tokens do
      enabled? true
      token_resource Memento.Accounts.Token

      signing_secret fn _, _ ->
        Application.fetch_env(:my_app, :token_signing_secret)

  postgres do
    table "users"
    repo Memento.Repo

  identities do
    identity :unique_email, [:email]


I appreciate any guidance you can provide to solve this one.


You should drop in an IO.inspect on the result of Application.fetch_env there. It is likely returning :error, and its probably returning that because your otp app isn’t called :my_app.

Newbie moment there :slight_smile:

Still, after changing the name of the app, and dropping the IO.inspect, the error persists…

The IO.inspect is marked with the label Token Signing Secret below

Token Signing Secret: :error
[debug] QUERY OK db=1.0ms
INSERT INTO "users" ("id","email","hashed_password") VALUES ($1,$2,$3) RETURNING "hashed_password","email","id" ["2c6b67e6-f447-415e-aea4-d8539f4090ad", #Ash.CiString<"test@test.test">, "$2b$12$hly2tONsaSllVWzov8N8J.7ll8yTJ7wkIhiOD9ATSBr1Yn/9Av/nO"]
↳ AshPostgres.DataLayer.bulk_create/3, at: lib/data_layer.ex:1234
[debug] QUERY OK db=0.4ms
rollback []
↳ anonymous fn/3 in Ash.Changeset.with_hooks/3, at: lib/ash/changeset/changeset.ex:1764
[error] GenServer #PID<0.16977.0> terminating
** (Ash.Error.Unknown) Unknown Error

Context: resolving data on perform Memento.Accounts.User.register_with_password
* Context: resolving data on perform Memento.Accounts.User.register_with_password

** (RuntimeError) Missing JWT signing secret. Please see the documentation for `AshAuthentication.Jwt` for details

Where can I look next?

Appreciate your help!

That configuration is not present. Do you have config :your_app_name, :token_sigining_secret somewhere in your config?

No I don’t! Where should I have that configuration? In the user resource, or in config.exs? I cannot find the reference to how to configure this in the Getting Started guide. Maybe I missed it or simply don’t know where to find it…

It would be in config.exs (or in the environment specific ones).

We use the secret_key_base for it in ash_hq. If its not in the guide we should put it there for sure, at least a reference that it should be set :slight_smile: ash_hq/config/dev.exs at bdaba672c29d179d9f19c848b38c3b4ce23a177b · ash-project/ash_hq · GitHub

Thanks a million Zach,

I created a secret_key_base and added the config :memento, token_signing_secret: secret_key_base in config.exs. I can now register new users.

I still hit some trouble in the admin dashboard, like not being able to sign in through Sign In With Token For Password (authentication failed)

If I attempt to login by user and password (through the dashboard), I get the following error in the console:

[warning] Error while loading record on admin dashboard
: ** (Ash.Error.Invalid) Input Invalid

* argument token is required
  (ash 2.15.19) lib/ash/query/query.ex:499: anonymous fn/2 in Ash.Query.require_arguments/2
  (elixir 1.15.4) lib/enum.ex:2510: Enum."-reduce/3-lists^foldl/2-0-"/3
  (ash 2.15.19) lib/ash/query/query.ex:437: Ash.Query.for_read/4
  (ash_admin 0.9.5) lib/ash_admin/pages/page_live.ex:233: AshAdmin.PageLive.handle_params/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/utils.ex:462: anonymous fn/5 in Phoenix.LiveView.Utils.call_handle_params!/5
  (telemetry 1.2.1) /home/bigspaces/MyGit/mementojon/memento/deps/telemetry/src/telemetry.erl:321: :telemetry.span/3
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:547: Phoenix.LiveView.Channel.maybe_call_mount_handle_params/4
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:1129: Phoenix.LiveView.Channel.verified_mount/8
  (phoenix_live_view 0.20.1) lib/phoenix_live_view/channel.ex:84: Phoenix.LiveView.Channel.handle_info/2
  (stdlib 5.0.2) gen_server.erl:1077: :gen_server.try_handle_info/3
  (stdlib 5.0.2) gen_server.erl:1165: :gen_server.handle_msg/6
  (stdlib 5.0.2) proc_lib.erl:241: :proc_lib.init_p_do_apply/3

or trying to list my users through the dashboard and getting this message: * expected at most one result but got at least 2 in query: #Ash.Query<resource: Memento.Accounts.User, limit: 1000, select: [:id, :email, :hashed_password]>

If I attempt any actions with tokens, the page crashes and I get the error: Invalid value provided for jti: At least one of `jti` or `token` arguments must be present.

I am very new to this so surely I am missing 20 moving pieces. I will tackle that tomorrow after looking at your video tutorial on the admin dashboard.

Thanks a million for your great support today. Looking forward to getting the hang of Ash!

Hmm…a lot of weird sounding things there. I think we’d need to split them up and open some issues for them.

Thanks @zachdaniel

I have started with my first concern: signing in as a user from the admin dashboard.

Thanks in advance!