How to Fix: IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128'...

Background

The Web Service can be configured to use self-generated JWT tokens for authentication. This is set in the Configuration of the Web Service, and if the value does not exist, a fallback is generated.

The configuration for JWT requires a secret, which is used as the HS256 (HMAC-SHA256) key to sign these tokens. When the fallback is generated, it uses a field that is unique to your web service, but common across 'scaled out instances'.

If this secret - auto-generated or not - is not long enough, then you get the following error:

 

IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize

 

How to Fix

This is fixed by adding explicit configuration to your Web Service config, or by modifying the current configuration, if it already exists.

 

You can tell if this exists by looking for the following key in your Web Service configuration:

Local : "LemonEdge" : { "ServerAuthenticationSettings" : { "JWT" : { ... }}}
Azure : LemonEdge__ServerAuthenticationSettings__JWT__Audience
AWS : LemonEdge:ServerAuthenticationSettings:JWT:Audience

 

The following content assumes you don't have these config values. If you do, then it's just a case of updating the Secret to a very long, complex, password-like string value.

 

NOTE: With the values below, ensure you do the following:

  • For Audience, replace the value for "{your_web_service_default_domain}" with the URL of your web service
  • For Issuer, replace the value for "{your_web_service_default_domain}" with the URL of your web service
  • For Secret, replace the value for "{this is a random secret string}" with a secret password that is at least 50 characters in length, and contains lowercase and uppercase letters, numbers, and symbols
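
The following is an added example, not LemonEdge code: it generates a Secret that meets the rules above and checks a candidate against them and against the 128-bit threshold from the IDX10603 message. It assumes the key is built from the secret's UTF-8 bytes; the function names and the symbol set are choices made for this example.

```python
import secrets
import string

# Symbol set chosen for this example: no '"' or '\', so the value pastes into JSON as-is.
SYMBOLS = "!#*+-.:=?@^_~"
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + SYMBOLS
MIN_CHARS = 50        # minimum length stated in the article
MIN_KEY_BITS = 128    # IDX10603: KeySize must be greater than 128 bits


def key_size_bits(secret: str) -> int:
    """Key size if the secret's UTF-8 bytes are used as the HS256 key (assumption)."""
    return len(secret.encode("utf-8")) * 8


def check_secret(secret: str) -> list[str]:
    """Return a list of problems; an empty list means the secret passes."""
    problems = []
    bits = key_size_bits(secret)
    if bits <= MIN_KEY_BITS:
        problems.append(f"key size {bits} bits is not greater than {MIN_KEY_BITS}")
    if len(secret) < MIN_CHARS:
        problems.append(f"length {len(secret)} is below {MIN_CHARS} characters")
    classes = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "digit": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in secret):
            problems.append(f"no {name} character")
    return problems


def generate_secret(length: int = 64) -> str:
    """Draw characters from the OS CSPRNG until every rule is met."""
    if length < MIN_CHARS:
        raise ValueError(f"length must be at least {MIN_CHARS}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_secret(candidate):
            return candidate


if __name__ == "__main__":
    print(check_secret("abcd"))  # constructed 4-character secret: a 32-bit key, as in the error
    print(generate_secret())
```

Run it once per environment and paste the printed value into the Secret setting; scaled-out instances of the same web service need the same value.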

 

Local Web Service (running on local machine via dotnet)

Add this inside the LemonEdge node:

"ServerAuthenticationSettings": {
    "JWT": {
        "ExpiryMinutes": 720,
        "Audience": "https://{your_web_service_default_domain}",
        "Issuer": "https://{your_web_service_default_domain}",
        "Secret": "{this is a random secret string}"
    }
}

 

Azure Web Service

In Configuration, click 'Advanced Edit', and add the following values:

{
    "name": "LemonEdge__ServerAuthenticationSettings__JWT__Audience",
    "value": "https://{your_web_service_default_domain}",
    "slotSetting": false
},
{
    "name": "LemonEdge__ServerAuthenticationSettings__JWT__ExpiryMinutes",
    "value": "720",
    "slotSetting": false
},
{
    "name": "LemonEdge__ServerAuthenticationSettings__JWT__Issuer",
    "value": "https://{your_web_service_default_domain}",
    "slotSetting": false
},
{
    "name": "LemonEdge__ServerAuthenticationSettings__JWT__Secret",
    "value": "{this is a random secret string}",
    "slotSetting": false
}

 

AWS Web Service

Inside the configuration, find the Environment node, and ensure it has the following values:

"environment": [
    {
        "name": "LemonEdge:ServerAuthenticationSettings:JWT:ExpiryMinutes",
        "value": "720"
    },
    {
        "name": "LemonEdge:ServerAuthenticationSettings:JWT:Audience",
        "value": "{your_web_service_default_domain}"
    },
    {
        "name": "LemonEdge:ServerAuthenticationSettings:JWT:Issuer",
        "value": "{your_web_service_default_domain}"
    },
    {
        "name": "LemonEdge:ServerAuthenticationSettings:JWT:Secret",
        "value": "{this is a random secret string}"
    }
]