dcs3spp
commented
2 months ago Hi @dcs3spp. I'm starting to review the PR.
I got a 401 from this request:
curl --location 'http://tyk-gateway.localhost:8080/grpc-custom-auth/get' \ --header 'Authorization: eyJvcmciOiI1ZTlkOTU0NGExZGNkNjAwMDFkMGVkMjAiLCJpZCI6ImdycGNfaG1hY19rZXkiLCJoIjoibXVybXVyNjQifQ=='I found that by changing the
api_idin the key from662facb2f03e750001a03500to6c56dd4d3ad942a94474df6097df67edthe request would work. Does the key work for you?
Thanks for the review @davegarvey, the API implements a gRPC custom auth plugin that requires a Authorization header formatted for HMAC signature. There is a bash script, scripts/hamc.sh, of the deployment folder to run a curl command:
curl -v -H "Date: ${date}" \
-H "Authorization: Signature keyId=\"${KEY}\",algorithm=\"${HMAC_ALGORITHM}\",signature=\"${url_encoded_signature}\"" \
${REQUEST_URL}Does running the above script work in your environment?
I am not sure why my plugin authorises the request with the key change though. I will update my environment and try it out and see if it does the same and then get back to you here
I have pulled latest changes from the branch and rebuilt the docker image and updated the hmac script so it requests to endpoint /grpc-custom-auth/get instead of /grpc-custom-auth.
I have tried running the hmac script and the curl and attached a screenshot image:
In my environment I get a 400 when running:
curl --location 'http://tyk-gateway.localhost:8080/grpc-custom-auth/get' \
--header 'Authorization: eyJvcmciOiI1ZTlkOTU0NGExZGNkNjAwMDFkMGVkMjAiLCJpZCI6ImdycGNfaG1hY19rZXkiLCJoIjoibXVybXVyNjQifQ=='I've improved the deployment readme file to include an example request
This PR adds a Python gRPC Server to tyk-demo. The deployment is named python-grpc-server and contains the following files:
Is it possible to configure coprocess gRPC server for only this deployment or would it have to be enabled in tyk.conf of the Gateway? Currently, in tyk.conf of GW deployment, coprocess is enabled.