Thanks for your input. I think I found a solution that will work, so I
replied to my original question with the config.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,284718,284881#msg-284881
___
nginx mailing list
nginx@nginx.org
http://ma
I had some success doing the intercept at the next level above the auth
proxy location like this:
(using grpc_intercept_errors)
server {
listen 443 ssl http2;
include grpc_servers.conf;
# send all requests to the `/validate` endpoint for authorization
auth_request /validate;
Yes, I was trying various combinations of the following, with no success.
location @grpc_auth_fail {
add_trailer grpc-status 16 always;
add_header grpc-status 16 always;
add_trailer grpc-message Unauthorized always;
add_header grpc-message Unauthorized always;
re
I appreciate the suggestion but it doesn't look like this is possible to
solve with these modules. The authentication part happens as a sub-request,
and the response provided by sub request influences how the gRPC part is
handled at the top level. Unless I can figure out some way to pass
variable
I have an nginx configuration that passes gRPC API requests to other
services an authorization endpoint that is used in conjunction.
This works great when authorization is successful (my HTTP1 authorization
endpoint returns HTTP 2xx status codes).
When authorization fails (it returns 401), the gR
I was about to ask a related question. Here is a sample of my config. The
only issue is that the gRPC client gets a StatusCode.Cancelled when
authorization fails.
In this scenario, the auth service at http://auth:5000 is a simple flask
application performing the auth with a 3rd party identity pr
