I was about to ask a related question. Here is a sample of my config. The only issue is that the gRPC client gets a StatusCode.Cancelled when authorization fails.
In this scenario, the auth service at http://auth:5000 is a simple Flask application performing the auth with a 3rd party identity provider. You may not need all the variables I am pushing around here, but hopefully this gives you an idea.

    server {
        location /some_grpc_api {
            grpc_pass grpc://internal_service:50051;
            grpc_set_header x-grpc-user $auth_resp_x_grpc_user;
        }

        # send all requests to the `/validate` endpoint for authorization
        auth_request /validate;
        auth_request_set $auth_resp_x_grpc_user $upstream_http_x_grpc_user;

        location = /validate {
            proxy_pass http://auth:5000;

            # the auth service acts only on the request headers
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,284427,284716#msg-284716
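For reference, an added example (not part of the original post and not the poster's Flask code) of what a service behind `/validate` has to return for this config to work: a 2xx response allows the request, 401 or 403 denies it, and the `X-Grpc-User` response header is what `$upstream_http_x_grpc_user` picks up. It uses plain WSGI from the standard library; the bearer-token scheme, the token table and the names `lookup_user` and `decide` are assumptions standing in for the identity provider call.

```python
# Added example: stand-in for the auth service behind `location = /validate`.
import hmac
from wsgiref.simple_server import make_server

# Constructed sample data; a real service would ask the identity provider.
TOKENS = {"s3cr3t-token-alice": "alice", "s3cr3t-token-bob": "bob"}


def lookup_user(token):
    """Return the user for a token, or None. Stub for the IdP call (assumption)."""
    found = None
    for known, user in TOKENS.items():
        # Constant-time compare; scan every entry so timing does not reveal a match.
        if hmac.compare_digest(known.encode(), token.encode()):
            found = user
    return found


def decide(headers):
    """Map request headers to (status, response_headers) as auth_request expects.

    2xx allows the request, 401/403 denies it; nginx treats anything else as an error.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return "401 Unauthorized", [("WWW-Authenticate", "Bearer")]
    user = lookup_user(token.strip())
    if user is None:
        return "403 Forbidden", []
    # nginx exposes this response header as $upstream_http_x_grpc_user.
    return "200 OK", [("X-Grpc-User", user)]


def app(environ, start_response):
    """WSGI entry point: only headers are inspected, the body is never read."""
    headers = {"Authorization": environ.get("HTTP_AUTHORIZATION", "")}
    status, extra = decide(headers)
    start_response(status, extra + [("Content-Length", "0")])
    return [b""]


if __name__ == "__main__":
    make_server("0.0.0.0", 5000, app).serve_forever()
```

Because `grpc_set_header x-grpc-user` is set from the auth response, the upstream sees the authenticated value rather than any `x-grpc-user` header the client sent itself.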
