Hello,

I am using hasura graphql engine for querying my database. and I would like to use keycloak for as authentification and autorization source with JWT. For this, Hasura asks for JWK configuration. I pointed the jwk_url needed to

https://<my-keycloak-instance>/auth/realms/<my-realms>/protocol/openid-connect/certs

Hasura throws the following error:

Error parsing JWK from url (https://keycloakserver/auth/realms/<my-realm>/protocol/openid-connect/certs): Error in $.keys[2]: expected 66 octets, found 65

And I don’t where to start looking for a fix. My initial guess was the crypto key (rs256 by default) but I changed it with no success.

What could be the source of the error?

thanks

Hello,

I’ve got the same problem. Did you find a way to make it work?

Hi,

I have mostly forgot sorry, I tried so much to make it works and I had so many issues.

Anyway, here is a working config:
env variable for Hasura HASURA_GRAPHQL_JWT_SECRET

HASURA_GRAPHQL_JWT_SECRET={"type":"RS256", "jwk_url": "https://<my-keycloak-instance>/auth/realms/<my-realms>/protocol/openid-connect/certs"}

adapt to your need. Then here is my keycloak key config for the realm:

image1115×162 13.9 KB

from what I remember, I de-activate all the other keys and make sure to use the Public key with Hasura.

Sorry to not be able to be more specific

As I can only post one image per message here is the RS256 config: