Mercure Docker Invalid JWT Signature from ignoring JWT_KEY from docker-compose


I have a docker-compose which fires up a mercure container

docker-compose

version: '3.8'

services:
    ...
    mercure:
        image: dunglas/mercure
        ports:
            - '8003:443'
            - '8004:80'
        environment:
            - JWT_KEY='so_secret'
            - DEMO=1
            - DEBUG=1
            - ALLOW_ANONYMOUS=1
            - CORS_ALLOWED_ORIGINS=*
            - PUBLISH_ALLOWED_ORIGINS=*
networks:
    default:

But when I POST to http://mercure/.well-known/mercure I get this from my mercure container (prettified):

Log #1
{
   "level":"info",
   "ts":1606379852.84174,
   "logger":"http.handlers.mercure",
   "msg":"Topic selectors not matched or not provided",
   "remote_addr":"192.168.192.3:37534",
   "error":"unable to parse JWT: signature is invalid"
}

Log #2
{
   "level":"error",
   "ts":1606379852.8418272,
   "logger":"http.log.access",
   "msg":"handled request",
   "request":{
      "remote_addr":"192.168.192.3:37534",
      "proto":"HTTP/1.1",
      "method":"POST",
      "host":"mercure",
      "uri":"/.well-known/mercure",
      "headers":{
         "Authorization":[
            "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOltdfX0.VuGJakeE0mowuQj0ErJjtEE-U4iYey2_XCbESaaGvtU"
         ],
         "User-Agent":[
            "Symfony HttpClient/Curl"
         ],
         "Accept-Encoding":[
            "gzip"
         ],
         "Content-Length":[
            "1339"
         ],
         "Content-Type":[
            "application/x-www-form-urlencoded"
         ],
         "Accept":[
            "*/*"
         ]
      }
   },
   "common_log":"192.168.192.3 - - [26/Nov/2020:08:37:32 +0000] \"POST /.well-known/mercure HTTP/1.1\" 401 13",
   "duration":0.001635684,
   "size":13,
   "status":401,
   "resp_headers":{
      "X-Content-Type-Options":[
         "nosniff"
      ],
      "X-Xss-Protection":[
         "1; mode=block"
      ],
      "Content-Security-Policy":[
         "default-src 'self' mercure.rocks cdn.jsdelivr.net"
      ],
      "Content-Type":[
         "text/plain; charset=utf-8"
      ],
      "Server":[
         "Caddy"
      ],
      "X-Frame-Options":[
         "DENY"
      ]
   }
}

Why does it say the Signature is invalid, when https://jwt.io/ says it is verified? Does the JWT_KEY from the docker-compose get ignored?

// EDIT sudo docker-compose exec mercure env shows JWT_KEY=so_secret, so what else can I check?


There are 1 answers

Alexander Shebanin

I had the same issue. I tried things like:

  • restarting,
  • recreating,
  • link changing

(I thought that the mercure container had some cache.)

Then I went to the documentation and got the example payload.

So I changed my JWT_KEY and rebuilt the Authorization token based on the new example, and it started working!!

Working payload
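
A local check for the mismatch discussed above, as an added example that is not part of the original question or answer: it verifies an HS256 token against the exact key string a service would receive, which an online debugger cannot confirm because it only checks the secret typed into it. The function names, the sample token and the quoted candidate `'so_secret'` are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, key: str) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    mac = hmac.new(key.encode(), ".".join(parts).encode(), hashlib.sha256)
    return ".".join(parts + [b64url(mac.digest())])


def verifies_hs256(token: str, key: str) -> bool:
    """True only if the token is HS256 and its MAC matches this exact key."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key.encode(), signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def matching_keys(token: str, candidates: list[str]) -> list[str]:
    return [key for key in candidates if verifies_hs256(token, key)]


# Constructed sample: same claims as the token in the question's log.
SAMPLE_TOKEN = sign_hs256({"mercure": {"publish": []}}, "so_secret")
# Candidates: the intended key, and the value with the quotes kept literally.
CANDIDATES = ["so_secret", "'so_secret'"]

if __name__ == "__main__":
    for key in CANDIDATES:
        print(repr(key), verifies_hs256(SAMPLE_TOKEN, key))
```

To check a real token, pass it to `matching_keys` together with the key value copied from the running container's environment.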