temporal icon indicating copy to clipboard operation
temporal copied to clipboard
verified publisher icon temporalio

Forward authorization headers for remote rpcs

Open dnr opened this issue 2 years ago • 2 comments

What changed?

Forward authorization and authorization-extras (or configured headers) for remote grpc connections only (not local).

Why?

Fixes #4823

How did you test it?

unit tests, will test manually

dnr avatar Dec 13 '23 07:12 dnr

Hi thank you for the effort of solving this issue.

I tested your change and was able to get the token passed. However another issue occurred. Both worker service and history service received request unauthorized since they do not provide any auth header, and they will not be able to use the internal frontend, because it is a remote call.

The endpoints failing are: GetReplicationMessages and GetNamespaceReplicationMessages

Is this possible to solve somehow?

It is not possible to use tls with our setup since we are doing the tls check elsewhere.

sonrel avatar Dec 15 '23 14:12 sonrel

This PR was marked as stale. Please update or close it.

github-actions[bot] avatar May 16 '24 00:05 github-actions[bot]