auth_request with grpc

bmacphee nginx-forum at forum.nginx.org
Tue Jul 2 14:54:34 UTC 2019


I was about to ask a related question.  Here is a sample of my config.  The
only issue is that the gRPC client gets a StatusCode.Cancelled when
authorization fails.

In this scenario, the auth service at http://auth:5000 is a simple flask
application performing the auth with a 3rd party identity provider.  You may
not need all the variables I am pushing around here, but hopefully this
gives you an idea.

server {

  location /some_grpc_api {

    grpc_pass grpc://internal_service:50051;
    grpc_set_header x-grpc-user $auth_resp_x_grpc_user;

  }

  # send all requests to the `/validate` endpoint for authorization
  auth_request /validate;
  auth_request_set $auth_resp_x_grpc_user $upstream_http_x_grpc_user;

  location = /validate {

    proxy_pass http://auth:5000;
    # the auth service acts only on the request headers
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

  }
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,284427,284716#msg-284716



More information about the nginx mailing list