Your token is invalid. It might have expired or you might be using a token from a different project

prisma

#1

I’ve been building an application for students with user authentication for a while now, and I’ve spent the last week trying to debug Network Errors that I’ve been receiving when I try to issue GraphQL Queries or Mutations. Right now I’m getting this error on the front-end (on my user signup page):
“Uncaught (in promise) Error: Network error: Unexpected token < in JSON at position 0”

And this error if I try to run the server on playground:

"utils.ts:8 Error: {
  "errors": [
    {
      "message": " Your token is invalid. It might have expired or you might be using a token from a different project.",
      "code": 3015,
      "requestId": "api:api:cjfsrta3ay74z0a42eoacdq2p"
    }
  ]
}"

Please help me fix this. Thank you.


#2

This error message is returned by a Prisma API, if it is protected with a secret, but the incoming request either

  • has no Authorization header
  • uses an invalid token for the Authorization header
  • uses an expired token for the Authorization header

You can read more about authentication in a Prisma API here.

How are you connecting to the Prisma API?


#3

The index.js file in my /server/src folder looks like this:

const { GraphQLServer } = require('graphql-yoga')
const { Prisma } = require('prisma-binding')
const { resolvers } = require('./resolvers')


const server = new GraphQLServer({
  typeDefs: './schema.graphql',
  resolvers,
  context: req => ({
    ...req,
    db: new Prisma({
      typeDefs: './generated/prisma.graphql',
      endpoint: process.env.PRISMA_ENDPOINT,
      secret: process.env.PRISMA_SECRET,
      debug: true,
    }),
  }),
})

server.start(({ port }) => console.log('Server is running on http://localhost:${port}'))

And /server/.env is:

PRISMA_STAGE="dev"
PRISMA_ENDPOINT="__PRISMA_ENDPOINT__"
PRISMA_CLUSTER="__PRISMA_CLUSTER__"
PRISMA_SECRET="mysecret123"
APP_SECRET="jwtsecret123"

#4

Is mysecret123 the secret you deployed to your service?

You can just deploy the secret again to make sure :slight_smile:


#5

Yes, mysecret123 is the secret I deployed.

The way I have attached the Authorization headers is by setting up a middleware link in my index.js file that does the following:

const middlewareLink = new ApolloLink((operation, forward) => {
  const tokenValue = localStorage.getItem(AUTH_TOKEN)
  operation.setContext({
    headers: {
      Authorization: tokenValue ? `Bearer ${tokenValue}` : '',
    },
  })
  return forward(operation)
})

Regardless, I receive the same error even when I set disableAuth: true in my prisma.yml file and deploy it.


#6

Can you provide a minimal setup to reproduce this in a new Github repository?


#7

I have the same problem. I double check the environment variables, If I remove the secret everything works like a charm. When I add the secret, bad thing happens.