Background
The Web Service can be configured to use self-generated JWT tokens for authentication. This is set in the Web Service configuration, and if the value does not exist, a fallback is generated.
The JWT configuration requires a secret, which is used to encrypt these tokens. When the fallback is generated, it uses a field that is unique to your web service, but common across 'scaled out instances'.
If this secret - auto-generated or not - is not long enough, then you get the following error:
How to Fix
This is fixed by adding explicit configuration to your Web Service config, or by modifying the current configuration, if it already exists.
You can tell if this exists by looking for the following key in your Web Service configuration:
Local : "LemonEdge" : { "ServerAuthenticationSettings" : { "JWT" : { ... }}}
Azure : LemonEdge__ServerAuthenticationSettings__JWT__Audience
AWS : LemonEdge:ServerAuthenticationSettings:JWT:Audience
The following content assumes you don't have these config values. If you do, then it's just a case of updating the Secret to a very long, complex, password-like string value.
NOTE: With the values below, ensure you do the following:
- For Audience, replace the value for "{your_web_service_default_domain}" with the URL of your web service
- For Issuer, replace the value for "{your_web_service_default_domain}" with the URL of your web service
- For Secret, replace the value for "{this is a random secret string}" with a secret password that is at least 50 characters in length, and contains lowercase and uppercase letters, numbers, and symbols
Local Web Service (running on local machine via dotnet)
Add this inside the LemonEdge node:
"ServerAuthenticationSettings": {
  "JWT": {
    "ExpiryMinutes": 720,
    "Audience": "https://{your_web_service_default_domain}",
    "Issuer": "https://{your_web_service_default_domain}",
    "Secret": "{this is a random secret string}"
  }
}
Azure Web Service
In Configuration, click 'Advanced Edit', and add the following values:
{
  "name": "LemonEdge__ServerAuthenticationSettings__JWT__Audience",
  "value": "https://{your_web_service_default_domain}",
  "slotSetting": false
},
{
  "name": "LemonEdge__ServerAuthenticationSettings__JWT__ExpiryMinutes",
  "value": "720",
  "slotSetting": false
},
{
  "name": "LemonEdge__ServerAuthenticationSettings__JWT__Issuer",
  "value": "https://{your_web_service_default_domain}",
  "slotSetting": false
},
{
  "name": "LemonEdge__ServerAuthenticationSettings__JWT__Secret",
  "value": "{this is a random secret string}",
  "slotSetting": false
}
AWS Web Service
Inside the configuration, find the Environment node, and ensure it has the following values:
"environment": [
  {
    "name": "LemonEdge:ServerAuthenticationSettings:JWT:ExpiryMinutes",
    "value": "720"
  },
  {
    "name": "LemonEdge:ServerAuthenticationSettings:JWT:Audience",
    "value": "{your_web_service_default_domain}"
  },
  {
    "name": "LemonEdge:ServerAuthenticationSettings:JWT:Issuer",
    "value": "{your_web_service_default_domain}"
  },
  {
    "name": "LemonEdge:ServerAuthenticationSettings:JWT:Secret",
    "value": "{this is a random secret string}"
  }
]
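Generating the Secret
As an added example (not LemonEdge's own code), the Python script below generates a Secret that meets the requirements in the NOTE above, rejects values that do not (including the unreplaced placeholder), and builds the Azure 'Advanced Edit' entries from it. The symbol set, the function names and the example.invalid domain are assumptions made for this example.

```python
import json
import secrets
import string

MIN_LENGTH = 50  # minimum Secret length stated on this page
# Assumption: symbols chosen to avoid quotes, backslashes and "$" so the value
# pastes cleanly into JSON files and cloud environment-variable editors.
SYMBOLS = "!#%&()*+,-.:;=?@[]^_{|}~"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
CHECKS = (
    ("lowercase letter", str.islower),
    ("uppercase letter", str.isupper),
    ("number", str.isdigit),
    ("symbol", lambda c: not c.isalnum() and not c.isspace()),
)

def secret_problems(secret):
    """Return the requirements from this page that `secret` fails; [] means OK."""
    problems = []
    if len(secret) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, check in CHECKS:
        if not any(check(c) for c in secret):
            problems.append(f"no {name}")
    return problems

def generate_secret(length=64):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not secret_problems(candidate):
            return candidate

def azure_settings(domain, secret, expiry_minutes=720):
    """Build the four Azure 'Advanced Edit' entries shown above."""
    if secret_problems(secret):
        raise ValueError("; ".join(secret_problems(secret)))
    prefix = "LemonEdge__ServerAuthenticationSettings__JWT__"
    values = {"Audience": f"https://{domain}", "ExpiryMinutes": str(expiry_minutes),
              "Issuer": f"https://{domain}", "Secret": secret}
    return [{"name": prefix + key, "value": value, "slotSetting": False}
            for key, value in values.items()]

if __name__ == "__main__":
    # "example.invalid" is a constructed placeholder domain.
    print(json.dumps(azure_settings("example.invalid", generate_secret()), indent=2))
```

Generate the Secret once and set the same value on every scaled-out instance, and keep the printed output out of shell history and build logs.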