GRPC Authorization header #125

Closed
lantian opened this issue Nov 23, 2021 · 4 comments

lantian commented Nov 23, 2021

Hello,

Thank you again for your great work =)!

But I have one more problem =). When using GRPC, the "Authorization" header just disappears. It can be tested with:

proto < ./grpcbin.proto
GRPC grpcb.in:9000/grpcbin.GRPCBin/HeadersUnary
Authorization: Bearer 111

grpcb.in just returns a response without our header, and it doesn't matter whether it is "Bearer" or anything else. I also want to mention that openid/oauth2 will not work here because the token is also received using GRPC, not via HTTP =). So I need to provide the header manually.

Using an event also gives nothing:

{{@request
 request.headers.Authorization = 'Bearer XXX';
}}

Using a simple HTTP GET, for example:

@host=https://httpbin.org
###
GET /anything?q=1 HTTP/1.1
Authorization: Bearer 1111

Works well.
Version of vscode plugin: v4.7.2

Owner

AnWeber commented Nov 23, 2021

How does OAuth2 login via Grpc work? Is the procedure a standard?
The Authorization header is removed because it is currently redirected to the channel credentials. See https://github.com/AnWeber/httpyac/blob/main/src/actions/grpcClientAction.ts#L187. I will remove it.
Unfortunately, I do not have any practical experience with Grpc and therefore I am enthusiastic about any help and suggestions for improvement.

Author

lantian commented Nov 23, 2021

> How does OAuth2 login via Grpc work? Is the procedure a standard?

Actually, nothing changes here. GRPC also acts here as a transport protocol, the same as HTTP. But I'm not sure that oauth is the default way for GRPC (https://grpc.io/docs/guides/auth/ , for example Google auth treats oauth as legacy and uses the new approach, ALTS).

We are currently using a simple JWT, and I'm trying to implement it this way:

{{
  exports.PROTO_PATH = require('./../../../grpc.js').PROTO_PATH;
}}

proto < {{PROTO_PATH}}/some_service.proto
includeDirs: [`${PROTO_PATH}`]

# @import ./../auth/auth.http
# @ref auth
GRPC {{host}}/com...SomeService/List
Authorization: Bearer {{auth.token}}

Our Java service by default expects the metadata to contain an "Authorization" header - https://github.com/yidongnan/grpc-spring-boot-starter/blob/master/grpc-server-spring-boot-autoconfigure/src/main/java/net/devh/boot/grpc/server/security/authentication/BearerAuthenticationReader.java#L76

As for httpyac, I'm not sure that it would be the best way to support your internal openid/oauth tool for grpc, because it would require additional proto imports (some design is needed here), and again grpc allows communication to be secured in different ways, and I'm not sure that oauth2 will take the same role as it did with http. Btw, I'm also kind of new to GRPC =), so I can only share some of my thoughts, but these thoughts are not expertise =)

Owner

AnWeber commented Nov 23, 2021

I have now removed the special handling for Authorization headers. It already felt like a mistake while coding; I only thought it would get OAuth2 tokens in.

AnWeber closed this as completed Nov 23, 2021
@ey-in-vorontsov

Thank you!
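
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not httpyac's code: a plain-Map model of gRPC call metadata showing why a metadata-based bearer reader sees no token when the client diverts `Authorization` to channel credentials, and sees it once the header is passed through. The function names and the `redirectAuthorization` option are hypothetical, and the sample header is constructed from the one in the issue.

```javascript
// Added illustration: a plain-Map model of gRPC call metadata (no gRPC library).
// headersToMetadata and readBearerToken are hypothetical names, not httpyac APIs.

// Map request headers to call metadata. gRPC metadata keys are case-insensitive
// and travel as lowercase HTTP/2 headers, so keys are normalized here.
function headersToMetadata(headers, { redirectAuthorization = false } = {}) {
  const metadata = new Map();
  let channelCredential = null;
  for (const [name, value] of Object.entries(headers)) {
    const key = name.trim().toLowerCase();
    if (redirectAuthorization && key === 'authorization') {
      // Models the pre-fix behaviour described in the thread: the value is
      // diverted to channel credentials and never becomes call metadata.
      channelCredential = String(value);
      continue;
    }
    metadata.set(key, [...(metadata.get(key) || []), String(value)]);
  }
  return { metadata, channelCredential };
}

// What a metadata-based bearer reader on the server can see. Returns the token,
// or null when the entry is missing, duplicated, or not a well-formed
// "Bearer <b64token>" value (token characters per RFC 6750).
function readBearerToken(metadata) {
  const values = metadata.get('authorization') || [];
  if (values.length !== 1) return null;
  const match = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(values[0]);
  return match ? match[1] : null;
}

// Constructed sample request, mirroring the header from the issue.
const sampleHeaders = { Authorization: 'Bearer 111' };
const before = headersToMetadata(sampleHeaders, { redirectAuthorization: true });
const after = headersToMetadata(sampleHeaders);
console.log('redirected:', readBearerToken(before.metadata));
console.log('passed through:', readBearerToken(after.metadata));
```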
