"The specified key byte array is 192 bits which is not secure enough for any JWT HMAC-SHA algorithm... " error for mockmvc post request

Question

I want to call write below code to write integration test for login in Kotlin:

@Test
fun userSignup() {
    var result  = this.mockMvc.perform(post("http://localhost/signup")
        .content("{\"email\" : \"email\", " +
                "\"username\" : \"username\", " +
                "\"password\" : \"password\", " +
                "\"userType\" : \"artist\"}")
        .contentType(MediaType.APPLICATION_JSON)
        .header("Authorization", Base64() )
    )
        .andExpect(status().isOk())
        .andDo(MockMvcResultHandlers.print())
}

But I get an HTTP status 400 with error message saying:

"The specified key byte array is 192 bits which is not secure enough for any JWT HMAC-SHA algorithm. The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with HMAC-SHA algorithms MUST have a size >= 256 bits (the key size must be greater than or equal to the hash output size). Consider using the io.jsonwebtoken.security.Keys#secretKeyFor(SignatureAlgorithm) method to create a key guaranteed to be secure enough for your preferred HMAC-SHA algorithm. See https://tools.ietf.org/html/rfc7518#section-3.2 for more information."

How can I resolve this error?

I was expecting a Http 200 status. This error message is too low level that I wouldn't expect to see while working with an abstract library on testing.

Answer 1

The problems seems to be as follows: I was using Spring Framework. It has an application.properties file in it. There is a field there with name "security.jwt.secret-key" which is utilized while sending a packet to the network. The encryption of the packets can be done by the algorithms mentioned in error message such as HMAC-SHA algorithm and the algorithm demands a key as some sort of seed to this encryption algorithm from me. The value I provided for that field is too short and this is creating the error.