Set up a JWT for Testing
Step 1: Install the jwt-cli
Install the jwt-cli, which allows you to generate tokens from the command
line. You can follow their list of installation instructions found
here.
Step 2: Generate a random string
Generate a random string that we'll use as the JWT secret key:
openssl rand -hex 16
Copy the value returned by the terminal.
If you don't want to use openssl, you can use any other random string generators. The only requirement is that the string must be at least 32 characters.
Step 3: Set up your configurations
Set up an AuthConfig object in your project which uses this secret key.
version: v1
kind: RelyAuth
definition:
modes:
- mode: jwt
tokenLocation:
in: header
name: Auth-Token
claimsConfig:
namespace:
location: '"claims.jwt.hasura.io"'
claimsFormat: Json
key:
algorithm: HS256
key:
env: JWT_SECRET_KEY
Step 4: Start the service
Start a RelyAuth service with Docker Compose.
services:
auth-hook:
image: ghcr.io/relychan/rely-auth:latest
ports:
- 8080:8080
volumes:
- ./rely-auth:/etc/rely-auth
environment:
JWT_SECRET_KEY: "<insert-the-key-generated-in-previous-step>"
docker compose up -d
Step 5: Generate a JWT
For testing, you can use the jwt-cli to encode and generate a new token with the different claims written to match
your testing needs.
jwt encode --secret="<secret-key>" '{"exp": 1739905122,"iat": 1708369122,"claims.jwt.hasura.io":{"x-hasura-default-role": "admin","x-hasura-allowed-roles":["admin"]}}'
In the example above, we're setting the following values:
- The issued (
iat) time asFeb. 19 2024, at 18:58:42as a Unix epoch timestamp. - The expiration (
exp) time asFeb. 18, 2025 at 18:58:42. - The default role as
admin. - The allowed roles as
admin.
For more information about the claims Hasura expects, check out this page.
Step 6: Test your AuthConfig
Use an HTTP client tool, for example, cURL to send a request:
curl http://localhost:8080/auth/ddn -H 'Auth-Token: <jwt-token>'