Welcome! Log In Create A New Profile

Advanced

Re: auth_request with grpc

July 02, 2019 10:54AM
I was about to ask a related question. Here is a sample of my config. The only issue is that the gRPC client gets a StatusCode.Cancelled when authorization fails.

In this scenario, the auth service at http://auth:5000 is a simple flask application performing the auth with a 3rd party identity provider. You may not need all the variables I am pushing around here, but hopefully this gives you an idea.

server {

location /some_grpc_api {

grpc_pass grpc://internal_service:50051;
grpc_set_header x-grpc-user $auth_resp_x_grpc_user;

}

# send all requests to the `/validate` endpoint for authorization
auth_request /validate;
auth_request_set $auth_resp_x_grpc_user $upstream_http_x_grpc_user;

location = /validate {

proxy_pass http://auth:5000;
# the auth service acts only on the request headers
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

}
}
Subject Author Posted

auth_request with grpc

walt June 03, 2019 05:35PM

Re: auth_request with grpc

bmacphee July 02, 2019 10:54AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 81
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready