Welcome! Log In Create A New Profile

Advanced

request authorization with grpc (failure status code)

July 02, 2019 11:19AM
I have an nginx configuration that passes gRPC API requests to other services an authorization endpoint that is used in conjunction.

This works great when authorization is successful (my HTTP1 authorization endpoint returns HTTP 2xx status codes).

When authorization fails (it returns 401), the gRPC connection initiated by the client receives a gRPC Cancelled(1) status code, rather than what would be ideal for the client - an Unauthorized (16) status code. The status message appears to be populated by nginx indicating the 401 failure.

Is there a way to control the status code returned to the gRPC channel during failed auth?

I tried and failed at doing this with the below configuration. Any non-200 code returned by the auth failure handling results in the same cancelled status code even after trying to set the status code manually. If I override the return with a 200 series code, it treats authorization as successful (which it also bad).

server {
location /some_grpc_api {

grpc_pass grpc://internal_service:50051;
grpc_set_header x-grpc-user $auth_resp_x_grpc_user;
}

# send all requests to the `/validate` endpoint for authorization
auth_request /validate;
auth_request_set $auth_resp_x_grpc_user $upstream_http_x_grpc_user;

location = /validate {
proxy_pass http://auth:5000;

# the auth service acts only on the request headers
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# attempt to customize grpc error code
proxy_intercept_errors on;
error_page 401 /grpc_auth_fail_page;
}

# attempt to customize grpc error code
location = /grpc_auth_fail_page {
internal;
grpc_set_header grpc-status 16;
grpc_set_header grpc-message "Unauthorized";
return 401;
}
}
Subject Author Posted

request authorization with grpc (failure status code)

bmacphee July 02, 2019 11:19AM

Re: request authorization with grpc (failure status code)

Maxim Dounin July 02, 2019 09:18PM

Re: request authorization with grpc (failure status code)

bmacphee July 16, 2019 04:23PM

Re: request authorization with grpc (failure status code)

Maxim Dounin July 17, 2019 07:50AM

Re: request authorization with grpc (failure status code)

bmacphee July 17, 2019 08:22AM

Re: request authorization with grpc (failure status code)

bmacphee July 17, 2019 08:35AM

Re: request authorization with grpc (failure status code)

bmacphee July 17, 2019 08:32AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 60
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready