What is the relation between :authority and channel credentials?

33 views
Skip to first unread message

san...@saares.eu

unread,
Oct 24, 2018, 12:50:18 AM10/24/18
to grpc.io
I use the HTTP2 ":authority" header for routing gRPC requests from a nginx gateway to various gRPC servers, along the lines of https://github.com/grpc/grpc/issues/14900

So far I have not used any credentials but I wish to do so soon. However, I notice that in the documentation of the DialOptions.WithAuthority() call, there is the following statement:

// :authority pseudo-header. This value only works with WithInsecure and has no
// effect if TransportCredentials are present.
// WithAuthority returns a DialOption that specifies the value to be used as the

I am probably missing something obvious here but what is the relation between the ":authority" header and the transport credentials? Is my routing somehow incompatible with the use of proper channel credentials?


Cheers,

Sander

Sander Saares

unread,
Oct 24, 2018, 5:07:08 AM10/24/18
to grp...@googlegroups.com
I found a comment on GitHub saying " At least with Java, using this with TLS will require the overridden authority to still appear on your server's cert - I believe the same is true for wrapped languages (including C#), but if you plan to use this in production this should be verified." which might shed some light on it. However, there remains a conflict between "only works with Insecure" and "requires the name to be present".

--
You received this message because you are subscribed to a topic in the Google Groups "grpc.io" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/grpc-io/5t0BMlu4Qhk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to grpc-io+u...@googlegroups.com.
To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/85b1974e-f961-4c65-9601-77ea4c2401d0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Carl Mastrangelo

unread,
Oct 24, 2018, 1:19:25 PM10/24/18
to grpc.io
The authority is available to the channel credentials when the creds are being created.   As you noticed, the authority is used to verify the identity in TLS, and allows the server to route your request .   

Does this answer your question?

san...@saares.eu

unread,
Oct 25, 2018, 6:12:49 AM10/25/18
to grpc.io
I believe so. Thanks for the fast response!
Reply all
Reply to author
Forward
0 new messages