https://www.prisma.io/ logo
Join Slack
Powered by
I have a backend service `foo` using the prisma se...
# orm-help
y
I have a backend service 
foo
using the prisma service. Right now 
foo
use a token generated using 
prisma token
. Since the token expires I need to renew the token. I consider setting up a service renewing the token every x minutes. I that the way to do it or are there other way?
m
No this is not needed. How is your backend talking to Prisma? Through Prisma client?
y
yes. using post request with Authorization header, bearer etc. I also have a file handler service written using koa which has the prisma client in context including the prisma_secret; works without token. However, the service in question is written in python so there I use the token?
any tips @marcus šŸ™‚
m
The easiest way should be to import a python library for JWT into your project and just create a token yourself inside your backend.
y
ok. thanks. services need to know the prisma_secret I suppose šŸ™‚
Do you have any sample code?
m
yes they need to know that. I will try to find an example.
y
thanks. I dig in the mean time as well. Is it correct that prisma client use https://www.npmjs.com/package/jsonwebtoken using hs256 algorithm?
m
the payload does not need to contain something special
y
this works:
bloody slack
Copy code
pip install pyjwt
Copy code
import jwt
  happy_token = jwt.encode({}, <PRISMA_SECRET>, algorithm='HS256')
easy šŸ˜„
just edited. What I first posted does not work. sorry. I attend a copy-paste course tomorrow (stanford)
f
@marcus related question to see if Iā€™m doing this correctly, I just have an environment variable with ā€œprisma secretā€ in my backend that passes it to Prisma Bindings. Service config has 
secret: ${env:PRISMA_SECRET}
(same variable). Apart from that, in the Service Docker I specify 
managementApiSecret
with the same value. Does this sound right? However, I havenā€™t used 
prisma token
command at all. This secret was generated with 
openssl rand
or similar šŸ¤”
m
@Fran Dios: 1. Passing the secret from the service config to Prisma binding is correct. You donā€™t need to call 
prisma token
in this case because the bindings are already doing that for you internally. @yolen had to do that because we donā€™t have an official client for Python yet. 2. You can use the same secret for 
managementApiSecret
if you want to. However i would recommend to use something different. This secret protects your management API which is called by 
prisma deploy
. You donā€™t need to put that secret somewhere else. It is automatically picked up by the Prisma CLI.
f
It is automatically picked up by the Prisma CLI
I see! Thatā€™s the part that confused me, I thought it had to be the same because otherwise CLI wouldnā€™t know. Thanks a lot @marcus
šŸ‘ 1
n
@Fran Dios Maybe this FAW helps to understand the differences of the service secret and management API secret a bit better: https://www.prisma.io/docs/-fq01/ šŸ™‚
f
@nikolasburk I see that it doesnā€™t work for 1.14, which is the version where I read the docs fully šŸ˜…. Works for 1.24, thanks!
y
smallish thing. remember to decode:
Copy code
@classmethod
    def _get_prisma_token(cls):
        PRISMA_SECRET = os.environ['PRISMA_SECRET']
        prisma_token = jwt.encode({}, PRISMA_SECRET, algorithm='HS256').decode('utf-8')
        
        return prisma_token
(I cannot figure out how to edit code in threads...)
2 Views
Open in Slack
PreviousNext
Powered by