Subscription+JWT crashes if ExpiresAt is not given in the JWT

Report a Dgraph Bug

What version of Dgraph are you using?


Have you tried reproducing the issue with the latest release?


What is the hardware spec (RAM, OS)?

8GB, Ubuntu

Steps to reproduce the issue (command/config used to run Dgraph).

  1. create a GraphQL schema with auth enabled
  2. create a JWT without ExpiresAt
  3. try to create a subscription by using that JWT

Expected behaviour and actual result.

expected: that the subscription works
actual result:

[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x1702b45]

goroutine 311 [running]:*Poller).AddSubscriber(0xc0004838f0, 0xc02f5b22a0, 0xc00022a850, 0x0, 0x0, 0x0)
	/home/user/dgraph/graphql/subscription/poller.go:114 +0x555*graphqlSubscription).Subscribe(0xc00058a1c0, 0x1e1d440, 0xc02f5b2090, 0xc02f57e6e0, 0x48, 0x0, 0x0, 0xc000157f80, 0x8, 0x7fcb702ed170, ...)
	/home/user/dgraph/graphql/web/http.go:165 +0x24c*connection).readLoop(0xc02f6ca000, 0x1e1d380, 0xc02f6cc000, 0xc02f537fe0)
	/home/user/go/pkg/mod/ +0x6de, 0xc02f688c60, 0x1dea280, 0xc00058a1c0, 0x0, 0x0, 0x0, 0xbc4d5e64)
	/home/user/go/pkg/mod/ +0x214
created by
	/home/user/go/pkg/mod/ +0x1bc

I figure it’s because it’s trying to dereference customClaims.StandardClaims.ExpiresAt.Time, although ExpiresAt is nil.

Thanks for reporting this @rliang. We are looking into investigating this and will soon add a fix for this.

Hi @rilang, we have added fix for this bug in the master branch , and it would also be avaliable in 20.07.1.