HTTP 500 when no signing key defined

[dealloc]

Discussed in #89

^{Originally posted by stnokott April 25, 2024}
Hello,

after updating my self-hosted environment to f754f2b (after merge of #80), I kept getting HTTP 500.

Container logs

2024-04-25 09:17:40       Connection id "0HN34UV5C9ACI", Request id "0HN34UV5C9ACI:00000001": An unhandled exception was thrown by the application.
2024-04-25 09:17:40       System.ArgumentNullException: Value cannot be null. (Parameter 's')
2024-04-25 09:17:40          at System.ThrowHelper.ThrowArgumentNullException(ExceptionArgument) + 0x49
2024-04-25 09:17:40          at System.Convert.FromBase64String(String) + 0x32
2024-04-25 09:17:40          at Program.<>c__DisplayClass0_0.<<Main>$>b__5(JwtBearerOptions options) + 0x105
2024-04-25 09:17:40          at Microsoft.Extensions.Options.ConfigureNamedOptions`1.Configure(String, TOptions) + 0xaf
2024-04-25 09:17:40          at Microsoft.Extensions.Options.OptionsFactory`1.Create(String) + 0x114
2024-04-25 09:17:40          at Microsoft.Extensions.Options.OptionsMonitor`1.<>c.<Get>b__10_0(String name, IOptionsFactory`1 factory) + 0x42
2024-04-25 09:17:40          at Microsoft.Extensions.Options.OptionsCache`1.<>c__DisplayClass3_1`1.<GetOrAdd>b__2() + 0x43
2024-04-25 09:17:40          at System.Lazy`1.ViaFactory(LazyThreadSafetyMode) + 0xf1
2024-04-25 09:17:40          at System.Lazy`1.ExecutionAndPublication(LazyHelper, Boolean) + 0x76
2024-04-25 09:17:40          at System.Lazy`1.CreateValue() + 0xd1
2024-04-25 09:17:40          at System.Lazy`1.get_Value() + 0x28
2024-04-25 09:17:40          at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd[TArg](String, Func`3, TArg) + 0x2e6
2024-04-25 09:17:40          at Microsoft.Extensions.Options.OptionsMonitor`1.Get(String) + 0x27c
2024-04-25 09:17:40          at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.<InitializeAsync>d__48.MoveNext() + 0x120
2024-04-25 09:17:40       --- End of stack trace from previous location ---
2024-04-25 09:17:40          at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x32
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0xe9
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task, ConfigureAwaitOptions) + 0x88
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task, ConfigureAwaitOptions) + 0x31
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.GetResult() + 0x1c
2024-04-25 09:17:40          at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.<GetHandlerAsync>d__5.MoveNext() + 0x3ac
2024-04-25 09:17:40       --- End of stack trace from previous location ---
2024-04-25 09:17:40          at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x32
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0xe9
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task, ConfigureAwaitOptions) + 0x88
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task, ConfigureAwaitOptions) + 0x31
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() + 0x26
2024-04-25 09:17:40          at Microsoft.AspNetCore.Authentication.AuthenticationService.<AuthenticateAsync>d__14.MoveNext() + 0x326
2024-04-25 09:17:40       --- End of stack trace from previous location ---
2024-04-25 09:17:40          at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x32
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0xe9
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task, ConfigureAwaitOptions) + 0x88
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task, ConfigureAwaitOptions) + 0x31
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() + 0x26
2024-04-25 09:17:40          at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.<Invoke>d__6.MoveNext() + 0x89f
2024-04-25 09:17:40       --- End of stack trace from previous location ---
2024-04-25 09:17:40          at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x32
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0xe9
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task, ConfigureAwaitOptions) + 0x88
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task, ConfigureAwaitOptions) + 0x31
2024-04-25 09:17:40          at System.Runtime.CompilerServices.TaskAwaiter.GetResult() + 0x1c
2024-04-25 09:17:40          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequests>d__238`1.MoveNext() + 0x591

After a bit of trial & error, I realized that I need to provide a Signing Key to fix this (-e Helldivers__API__Authentication__SigningKey).

I'm opening this discussion to check if that's really the root isse or if I missed something.
If my assumption is right, I'll open an MR with an update to docs/containers.md, explaining this step.
(Additionally, perhaps also explaining the /dev/token endpoint which is also not documented to my knowledge)

Let me know what you think @dealloc .

[stnokott]

Perhaps I found another gotcha which could be worth explaining:

Calling /dev/token?name=foo&limit=30 (or similar parameters) doesn't seem to return tokens which can be used as a value for Helldivers__API__Authentication__SigningKey.
When trying to use any of those tokens, I get the following error in the container after performing any request:

System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters..

Sample generated token

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZXYiLCJuYmYiOiIxNzE0MDMxMDYzIiwiaWF0IjoiMTcxNDAzMTA2MyIsImV4cCI6MTcxNjYyMzA2MywiUmF0ZUxpbWl0IjoiMzAiLCJpc3MiOiJkZWFsbG9jIiwiYXVkIjoiaHR0cHM6Ly9hcGkuaGVsbGRpdmVyczIuZGV2In0.R4P_Eb5ZE3g52hcYMxsxGVcxqmLFlrFWrkpMlCQNc44

Full logs

2024-04-25 09:45:47       Connection id "0HN34VES9M8FA", Request id "0HN34VES9M8FA:00000001": An unhandled exception was thrown by the application.
2024-04-25 09:45:47       System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
2024-04-25 09:45:47          at System.Convert.FromBase64CharPtr(Char*, Int32) + 0x145
2024-04-25 09:45:47          at System.Convert.FromBase64String(String) + 0x92
2024-04-25 09:45:47          at Program.<>c__DisplayClass0_0.<<Main>$>b__5(JwtBearerOptions options) + 0x105
2024-04-25 09:45:47          at Microsoft.Extensions.Options.ConfigureNamedOptions`1.Configure(String, TOptions) + 0xaf
2024-04-25 09:45:47          at Microsoft.Extensions.Options.OptionsFactory`1.Create(String) + 0x114
2024-04-25 09:45:47          at Microsoft.Extensions.Options.OptionsMonitor`1.<>c.<Get>b__10_0(String name, IOptionsFactory`1 factory) + 0x42
2024-04-25 09:45:47          at Microsoft.Extensions.Options.OptionsCache`1.<>c__DisplayClass3_1`1.<GetOrAdd>b__2() + 0x43
2024-04-25 09:45:47          at System.Lazy`1.ViaFactory(LazyThreadSafetyMode) + 0xf1
2024-04-25 09:45:47          at System.Lazy`1.ExecutionAndPublication(LazyHelper, Boolean) + 0x76
2024-04-25 09:45:47          at System.Lazy`1.CreateValue() + 0xd1
2024-04-25 09:45:47          at System.Lazy`1.get_Value() + 0x28
2024-04-25 09:45:47          at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd[TArg](String, Func`3, TArg) + 0x2e6
2024-04-25 09:45:47          at Microsoft.Extensions.Options.OptionsMonitor`1.Get(String) + 0x27c
2024-04-25 09:45:47          at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.<InitializeAsync>d__48.MoveNext() + 0x120
2024-04-25 09:45:47       --- End of stack trace from previous location ---
2024-04-25 09:45:47          at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x32
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0xe9
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task, ConfigureAwaitOptions) + 0x88
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task, ConfigureAwaitOptions) + 0x31
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.GetResult() + 0x1c
2024-04-25 09:45:47          at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.<GetHandlerAsync>d__5.MoveNext() + 0x3ac
2024-04-25 09:45:47       --- End of stack trace from previous location ---
2024-04-25 09:45:47          at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x32
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0xe9
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task, ConfigureAwaitOptions) + 0x88
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task, ConfigureAwaitOptions) + 0x31
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() + 0x26
2024-04-25 09:45:47          at Microsoft.AspNetCore.Authentication.AuthenticationService.<AuthenticateAsync>d__14.MoveNext() + 0x326
2024-04-25 09:45:47       --- End of stack trace from previous location ---
2024-04-25 09:45:47          at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x32
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0xe9
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task, ConfigureAwaitOptions) + 0x88
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task, ConfigureAwaitOptions) + 0x31
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() + 0x26
2024-04-25 09:45:47          at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.<Invoke>d__6.MoveNext() + 0x89f
2024-04-25 09:45:47       --- End of stack trace from previous location ---
2024-04-25 09:45:47          at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() + 0x32
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task) + 0xe9
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task, ConfigureAwaitOptions) + 0x88
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task, ConfigureAwaitOptions) + 0x31
2024-04-25 09:45:47          at System.Runtime.CompilerServices.TaskAwaiter.GetResult() + 0x1c
2024-04-25 09:45:47          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.<ProcessRequests>d__238`1.MoveNext() + 0x591

Using the default dev token in src/Helldivers-2-API/appsettings.Development.json does work.

Judging from the difference in length (default key has 44 chars, generated one has 264 chars), this is probably a difference in Base64 encoding?

Perhaps it's also connected to the /dev/token parameters..?

In any regard, I don't know, so it's probably worth adding to the docs. 😊

[dealloc]

@stnokott that's because it's meant to generate API keys, not a signing key (which is used to generate and validate said API keys).

I've added additional documentation for this in eb7d47d & e387c60

Could you check if those changes make it clear what's going on and how to set things up / use them?
For your convenience, here's a link to the combined docs of both: containers.md

[stnokott]

@stnokott that's because it's meant to generate API keys, not a signing key (which is used to generate and validate said API keys).

I've added additional documentation for this in eb7d47d & e387c60

Could you check if those changes make it clear what's going on and how to set things up / use them? For your convenience, here's a link to the combined docs of both: containers.md

Oh yeah, this is exactly what I had in mind, even more detailed than expected (also much sooner).