Answer by Gerard for IAM error when authenticating with token SurrealDB

You are correct that the --auth argument is indeed very recommended for production deployments and it is not necessarily to remove it to solve your problem. Your issue happens because you are providing the token in the Token header, whereas you should provide it in the Authorization header in the format Bearer $token. Assuming that the JWT is being constructed and signed correctly, this should solve your issue.

Here is how I would reproduce what I understand is your intended use case:

1. Start the server with surreal start --auth -u root -p root --deny-guests --no-banner. Remember to change the root credentials in your deployment.
2. Connect to the server with surreal sql -u root -p root and run the following statements:

use ns Test db Test;DEFINE SCOPE account;DEFINE TOKEN user_tkn ON SCOPE account TYPE HS256 VALUE 'example123456';DEFINE TABLE users PERMISSIONS FULL; -- Remember to properly restrict this.CREATE users:test_user CONTENT {"exists": true};

3. Create a token (e.g. in jwt.io) with the HS256 algorithm and using example123456 as the signature secret. Do not check the box to encode the secret. The token payload should contain the following:

{"ns": "Test","db": "Test","sc": "account","tk": "user_tkn","id": "users:test_user","iat": 1703421361,"exp": 1803424961}

4. Assuming that you are running SurrealDB locally as I described, you can then execute queries using the token that you just generated with HTTP requests like the one generated by the following command:

curl -vvv localhost:8000/sql \--data "SELECT * from users:test_user" \-H "Accept: application/json" \-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJucyI6IlRlc3QiLCJkYiI6IlRlc3QiLCJzYyI6ImFjY291bnQiLCJ0ayI6InVzZXJfdGtuIiwiaWQiOiJ1c2Vyczp0ZXN0X3VzZXIiLCJpYXQiOjE3MDM0MjEzNjEsImV4cCI6MTgwMzQyNDk2MX0.SsuApbUvBxsOvO8T5nvtJ294bsUbdynits77dgiETT8"

Following the instructions above, you should get the following response:

[{"result":[{"exists":true,"id":"users:test_user"}],"status":"OK","time":"97.48µs"}]

I hope this was helpful! Feel free to let me know if you need any other help.

PS: I work in SurrealDB.