Jwt connection with nodejs

I’ve installed an image of convergence server on an Ubuntu 18 with:

docker run --net=host --name convergence convergencelabs/convergence-omnibus

I’ve create a domain with name living, keyId =“jwtliving070920” and I’ve generated the public/private keypair (checked the Enabled).

I’m trying to connect to the convergence server using a nodejs app:

const pathkey = path.join(__dirname, '/../conf/pkliving.key');
const privateKey = fs.readFileSync(pathkey);
var keyId = "jwtliving070920";
var gen = new JwtGenerator(keyId, privateKey);
var claims = { firstName: "myname", lastName: "mysurname" };
var username = "[email protected]";
var token = gen.generate(username, claims);
const url = "";

Convergence.connectWithJwt(url, token, {
    webSocket: {
       factory: (u: any) => new WebSocket(u, { rejectUnauthorized: false}),
       class: WebSocket
.then((domain: any) => {
     console.log("Connection success");    
.catch((error: any) => {
   console.log("Connection failed")

I end up with the following error

ConvergenceError: Authentication failed
   at ConvergenceConnection._handleConnectionFailure (C:\Users\pulic\source\repos\living\livingapi\node_modules\@convergence\convergence\convergence.js:7277:45)
   at ConvergenceConnection.<anonymous> (C:\Users\pulic\source\repos\living\livingapi\node_modules\@convergence\convergence\convergence.js:7241:29)
   at Generator.next (<anonymous>)
   at fulfilled (C:\Users\pulic\source\repos\living\livingapi\node_modules\@convergence\convergence\convergence.js:54:58)
   at processTicksAndRejections (internal/process/task_queues.js:97:5) {
 _code: 'authentication_failed',
 _details: {}

what am I doing wrong?

This looks reasonable. Are there any error logs on the server side. Are you using the omnibus docker container?

Are you setting the required headers and claims as documented here? https://docs.convergence.io/guide/authentication/json-web-tokens/

Looking at the JwtGenerator library’s code, the default expiration is set to 1 minute.
You can change it by adding this line of code. Which extends it to 1 day


Generally speaking, the way we use JWTs, is that you generate them at the moment that authentication is being made. They are then short lived. The expiration time is generally the time between when the token is generated and when the client with authenticate to convergence. Given program logic, network latency, etc. this should generally only be a few seconds. So we made the default time be a minute. We should probably document this better.

Theoretically, you don’t want long lived JWT’s hanging around that could potentially be compromised and then used to authenticate as a user. In a future version of Convergence, once you have used a JWT once it will not be usable again, which is a security best practice.

I 100% agree. I should of clarified that in my reply