3
votes

I'm setting up guardian for the first time with a phoenix app. I'm hitting a road block with the secret key in the Guardian Config. I'm not understanding where to keep the secret key and how exactly to generate it? I basically copied and pasted from the readme and I'm sure that's not correct but I just can't seem to find decent docs on this problem. Here is what I tried to run into when trying to create a session with a user from the database.

erlang error: {:not_supported, ["P-521", :HS512]}

Here is my current config file which is obviously wrong.

    config :guardian, Guardian,
  issuer: "PerriAir",
  ttl: { 30, :days },
  verify_issuer: true, # optional
  secret_key:  %{
    "crv" => "P-521",
    "d" => "axDuTtGavPjnhlfnYAwkHa4qyfz2fdseppXEzmKpQyY0xd3bGpYLEF4ognDpRJm5IRaM31Id2NfEtDFw4iTbDSE",
    "kty" => "EC",
    "x" => "AL0H8OvP5NuboUoj8Pb3zpBcDyEJN907wMxrCy7H2062i3IRPF5NQ546jIJU3uQX5KN2QB_Cq6R_SUqyVZSNpIfC",
    "y" => "ALdxLuo6oKLoQ-xLSkShv_TA0di97I9V92sg1MKFava5hKGST1EKiVQnZMrN3HO8LtLT78SNTgwJSQHAXIUaA-lV"
  },
  serializer: PerriAir.GuardianSerializer

Any tips on how to generate the proper key would be great Thank you!

1
Check out github.com/ueberauth/guardian/issues/152 - under "Long answer" there is extensive documentation. What is your Erlang/OTP version? P-521 might be an algorithm that isn't supported on older OTP releases (I have no clue), but in any case that issue should give you enough information to generate a key with a different algorithm.cdegroot

1 Answers

5
votes
  1. Go into iex with iex -S mix
  2. Run JOSE.JWK.generate_key({:oct, 16}) |> JOSE.JWK.to_map |> elem(1) and copy what is outputted.
  3. Place the copied map in the secret_key key under the Guardian configuration where you had the other key at.

The example above is for octet. You can find more key types at hexdocs.pm/jose/key-generation and key generation options at https://github.com/ueberauth/guardian/issues/152