From a7eabe034ccf15798b85e35ee62f03bcce59e0b7 Mon Sep 17 00:00:00 2001 From: Gordon Johnston Date: Sat, 6 Apr 2019 03:50:16 +0100 Subject: [PATCH] mention required key length for HMAC encryption to user (#1956) Following on from a discussion in discord, a small tweak to make the required key length for a HMAC key more obvious --- docs/graphql/manual/auth/jwt.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/graphql/manual/auth/jwt.rst b/docs/graphql/manual/auth/jwt.rst index 18e73f7c..1dc0b170 100644 --- a/docs/graphql/manual/auth/jwt.rst +++ b/docs/graphql/manual/auth/jwt.rst @@ -138,7 +138,8 @@ public keys are not yet supported. ``key`` ^^^^^^^ - In case of symmetric key (i.e. HMAC based key), the key as it is. (e.g. - - "abcdef..."). + "abcdef..."). The key must be long enough for the algorithm chosen, + (e.g. for HS256 it must be at least 32 characters long). - In case of asymmetric keys (RSA etc.), only the public key, in a PEM encoded string or as a X509 certificate.
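Review bot: The added sentence in the ``key`` bullet states the HS256 minimum as "at least 32 characters long", but the requirement is on key size in bytes (256 bits for HS256, per RFC 7518 section 3.2). Characters and bytes coincide only when the key is taken "as it is" in a single-byte encoding. Suggest "at least 32 bytes (256 bits)", and listing the other HMAC variants as well (48 bytes for HS384, 64 bytes for HS512), since "long enough for the algorithm chosen" leaves the reader to work those out. A length floor also says nothing about how the key was produced, so the doc should say the key is to be randomly generated, not a memorable 32-character string. Minor: the comma before the parenthesis in "chosen, (e.g." is stray.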