Using JSON Web Tokens
This document explains how to handle JSON Web Tokens via both HTTP and gRPC.
HTTP
JSON Web Tokens can only be presented via HTTP requests in the form of an Authorization header.
Authorization Header
For applications that communicate with Flipt over HTTP, the Authorization header is required.
It must be provided in the form Authorization: JWT <jwt>.
The following examples illustrate this in the context of various programming languages:
GRPC
For gRPC we use the Metadata functionality similar to HTTP Headers.
The lower-case authorization metadata key should be supplied with a single string JWT <jwt> to any RPC calls.
Example
The following example authenticates a single gRPC client request:
func DoRequest(ctx context.Context, flagKey string) {
ctx := metadata.AppendToOutgoingContext(ctx, "authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
flag, err := flipt.GetFlags(ctx, &flipt.GetFlagRequest{
Key: flagKey,
})
//...
}
This subsequent example demonstrates using a client unary interceptor, which authenticates all outgoing requests:
func AuthUnaryClientInterceptor(optFuncs ...CallOption) grpc.UnaryClientInterceptor {
return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
ctx = metadata.AppendToOutgoingContext(ctx, "authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
return invoker(ctx, method, req, reply, cc, opts...)
}
}
Was this page helpful?