search

grpc / grpc

The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)
https://grpc.io
Apache License 2.0
42.03k stars 10.56k forks source link

grpc_cli with grpc token based auth (Invalid credentials message) #30613

Open ksator opened 2 years ago

ksator commented 2 years ago

I am able to use grpcurl with ServerReflection but not grpc_cli

grpcurl

this works: 

grpcurl -H "Authorization: Bearer `cat token.tok`" -insecure 192.168.0.5:443 list
grpcurl -H "Authorization: Bearer $token" -insecure 192.168.0.5:443 list

grpc_cli

sudo apt-get update 
sudo apt-get upgrade -y
sudo apt-get install build-essential autoconf libtool pkg-config cmake -y
git clone https://github.com/grpc/grpc.git
cd grpc
git submodule update --init
mkdir -p cmake/build
cd cmake/build
cmake -DgRPC_BUILD_TESTS=ON ../..
make grpc_cli
./grpc_cli help

This doesnt work: 

./grpc_cli ls 192.168.0.5:443 --call_creds=access_token=echo $token
./grpc_cli ls 192.168.0.5:443 --call_creds=access_token=$token
./grpc_cli ls 192.168.0.5:443 --call_creds=access_token=`cat token.tok`
./grpc_cli ls 192.168.0.5:443 --call_creds=access_token=`echo $token`
./grpc_cli ls 192.168.0.5:443 --call_creds=access_token=$token --channel_creds_type=insecure
./grpc_cli ls 192.168.0.5:443 --call_creds=access_token=$(cat token.tok) --channel_creds_type=insecure
ServerReflectionInfo rpc failed. Error code: 3, message: Invalid credentials., debug info: UNKNOWN:early return from promise based filter {file:"/home/arista/grpc/src/core/lib/channel/promise_based_filter.cc", file_line:348, created_time:"2022-07-24T20:29:39.303244048+00:00", grpc_status:3, grpc_message:"Invalid credentials."}
hitesh-kumain commented 2 years ago

can you please assign this to me ?

rutsky commented 2 years ago

Perhaps setting Authorization header through --metadata would work?

./grpc_cli ls 192.168.0.5:443 --metadata="authorization:Bearer $token"
Ian-Stewart-Binks commented 1 year ago

I'm running into a similar issue as the OP and grpc_cli doesn't appear to support a --metadata flag.


List services
  grpc_cli ls <address> [<service>[/<method>]]
    <address>                ; host:port
    <service>                ; Exported service name
    <method>                 ; Method name
    --l                      ; Use a long listing format
    --outfile                ; Output filename (defaults to stdout)
    --ssl_target             ; Set server host for ssl validation
    --ssl_client_cert        ; Client cert for ssl
    --ssl_client_key         ; Client private key for ssl
    --local_connect_type     ; Set to local_tcp or uds
    --channel_creds_type     ; Set to insecure, ssl, gdc, alts, or local
    --call_creds             ; Set to none, or access_token=<token>
async-costelo commented 1 year ago

@Ian-Stewart-Binks use grpc_cli --helpfull to get a list of all flags