auth_request with grpc
bmacphee
nginx-forum at forum.nginx.org
Tue Jul 2 14:54:34 UTC 2019
I was about to ask a related question. Here is a sample of my config. The
only issue is that the gRPC client gets a StatusCode.Cancelled when
authorization fails.
In this scenario, the auth service at http://auth:5000 is a simple flask
application performing the auth with a 3rd party identity provider. You may
not need all the variables I am pushing around here, but hopefully this
gives you an idea.
server {
location /some_grpc_api {
grpc_pass grpc://internal_service:50051;
grpc_set_header x-grpc-user $auth_resp_x_grpc_user;
}
# send all requests to the `/validate` endpoint for authorization
auth_request /validate;
auth_request_set $auth_resp_x_grpc_user $upstream_http_x_grpc_user;
location = /validate {
proxy_pass http://auth:5000;
# the auth service acts only on the request headers
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,284427,284716#msg-284716
More information about the nginx
mailing list