Hi, how to generate token with an SpiceDB #spicedb

Join Discord

Hi, how to generate token with an

# spicedb

zhangbo.yang

07/02/2024, 7:04 AM

Hi, how to generate token with an instance?

vroldanbet

07/02/2024, 8:40 AM

what instance are you talking to? your own spicedb? authzed serverless? authzed dedicated?

zhangbo.yang

07/02/2024, 8:40 AM

My own spicedb created by docker

zhangbo.yang

07/02/2024, 8:41 AM

I generated token by this way:

Copy code

docker run --name spicedb -p 50051:50051 quay.io/authzed/spicedb serve --grpc-preshared-key "somerandomkeyhere"

printf "sdbst_h256_%s\n" $(echo -n somerandomkeyhere | sha256sum | cut -d' ' -f1)

vroldanbet

07/02/2024, 8:43 AM

well your preshared-key is somerandomkeyhere, so that's what you have to pass via the gRPC API

zhangbo.yang

07/02/2024, 8:43 AM

And write a script to test spiceDB in python https://cdn.discordapp.com/attachments/1257592697938772069/1257617703024459808/message.txt?ex=66850f41&is=6683bdc1&hm=cf99479ff2edbabe209c139c284d9fc8ff7a584645438a3a8e47f46cbcc61d9a&

zhangbo.yang

07/02/2024, 8:44 AM

Wait, what you mean that I don't need to execute

printf "sdbst_h256_%s\n" $(echo -n somerandomkeyhere | sha256sum | cut -d' ' -f1)

vroldanbet

07/02/2024, 8:45 AM

no, you don't have to that. That's for an entirely different feature in our commercial products. I'll take that as feedback.

vroldanbet

07/02/2024, 8:45 AM

all you have to do is use the same preshared key you specified in your docker instnace

vroldanbet

07/02/2024, 8:45 AM

so where you have

bearer_token_credentials

you pass that value

vroldanbet

07/02/2024, 8:47 AM

also you cannot use

bearer_token_credentials

if you are talking to

localhost

without TLS. You have to use the insecure transport: https://discord.com/channels/844600078504951838/1257320988312604814/1257325939210059807

zhangbo.yang

07/02/2024, 8:49 AM

ok, wait a minute, I'm trying

zhangbo.yang

07/02/2024, 8:59 AM

Copy code

client = Client(
    "xxx:50051",
    insecure_bearer_token_credentials("blabla")
)

will cause error :

Copy code

grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
    status = StatusCode.UNAVAILABLE
    details = "failed to connect to all addresses; last error: UNKNOWN: ipv4:10.124.106.121:50051: Endpoint is neither UDS or TCP loopback address."
    debug_error_string = "UNKNOWN:Error received from peer  {created_time:"2024-07-02T08:58:14.0618968+00:00", grpc_status:14, grpc_message:"failed to connect to all addresses; last error: UNKNOWN: ipv4:10.124.106.121:50051: Endpoint is neither UDS or TCP loopback address."}"
>

zhangbo.yang

07/02/2024, 9:00 AM

bearer_token_credentials

will cause the same problem

zhangbo.yang

07/02/2024, 9:00 AM

but if i use codes in https://gist.github.com/jakedt/100d75048c7ebefdf2fb666de58cda9b

zhangbo.yang

07/02/2024, 9:01 AM

it will cause another problem:

Copy code

grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
    status = StatusCode.PERMISSION_DENIED
    details = "invalid preshared key: invalid token"
    debug_error_string = "UNKNOWN:Error received from peer ipv4:10.124.106.121:50051 {grpc_message:"invalid preshared key: invalid token", grpc_status:7, created_time:"2024-07-02T09:01:20.2423698+00:00"}"
>

zhangbo.yang

07/02/2024, 9:04 AM

I will try java sdk, not sure whether there's bug in python

vroldanbet

07/02/2024, 9:59 AM

are you calling to a spicedb on localhost, or somewhere that is not localhost (e.g. docker network?)

vroldanbet

07/02/2024, 9:59 AM

that's a known bug on python gRPC, and the workaround for now is the gist, yeah

116 Views

Previous Next