https://authzed.com logo
Join Discord
Powered by
Are there any relevant server logs?
# spicedb
j
Are there any relevant server logs?
a
authzed-docker-compose-postgres-spicedb-engine-1          | {"level":"error","grpc.component":"server","grpc.method":"LookupResources","grpc.method_type":"server_stream","grpc.service":"authzed.api.v1.PermissionsService","peer.address":"172.22.0.1:65180","protocol":"grpc","requestID":"eda188548c2b3e0484a683eb49fee639","grpc.start_time":"2022-01-06T13:51:10Z","grpc.code":"Unknown","grpc.error":"invalid preshared key: rpc error: code = Unauthenticated desc = Request unauthenticated with bearer","grpc.time_ms":"0.052","time":"2022-01-06T13:51:10Z","message":"finished call"}
j
and what does the constructor look like for NewClient?
a
client = v1.NewClient(process.env.AUTHZED_PRESHARED_TOKEN,process.env.AUTHZED_LOCAL_CONN,true);
connect with a pre shared key to local sever with insecure connection
it is interesting that Zed connects but node client does not . node client works fine with the cloud instance.
j
@User can you 
console.log
the token you're sending in and verify it matches?
a
will do now
client = v1.NewClient("somerandomkey","localhost:50051",true);
Copy code
abhishekdwivedi@Abhisheks-MacBook-Pro zed_policy_store % zed context remove local-dev                                                                        
abhishekdwivedi@Abhisheks-MacBook-Pro zed_policy_store % zed context set local-dev localhost:50051 somerandomkey
abhishekdwivedi@Abhisheks-MacBook-Pro zed_policy_store % zed context use local-dev
abhishekdwivedi@Abhisheks-MacBook-Pro zed_policy_store % zed relationship create vista/organization:VistaPrint parent_org vista/organization:Vista --insecure
GgMKATg=
abhishekdwivedi@Abhisheks-MacBook-Pro zed_policy_store %
Copy code
authzed-docker-compose-postgres-spicedb-engine-1          | {"level":"debug","time":"2022-01-06T15:51:38Z","message":"garbage collection completed for postgres"}
authzed-docker-compose-postgres-spicedb-engine-1          | {"level":"error","grpc.component":"server","grpc.method":"LookupResources","grpc.method_type":"server_stream","grpc.service":"authzed.api.v1.PermissionsService","peer.address":"172.22.0.1:55004","protocol":"grpc","requestID":"aeaf6619d3b92669cf40e97fd05d3491","grpc.start_time":"2022-01-06T15:52:00Z","grpc.code":"Unknown","grpc.error":"invalid preshared key: rpc error: code = Unauthenticated desc = Request unauthenticated with bearer","grpc.time_ms":"0.071","time":"2022-01-06T15:52:00Z","message":"finished call"}
This is the closest could get to comparing stuff.
j
hmmm
I wonder if the insecure flag on the JS client is somehow preventing the auth header from being sent
it shouldn't... the JS integration tests do the same thing
a
i did imagine that lest your integration tests would have failed i presume . without that flag connect does not get established .
j
yeah
I'll see if I can repro locally in an hour or so
with just a local SpiceDB and node client
a
ok cool thanks .. I will see once before I sleep .. it is around 9:30 pm
j
it appears to be a bug in the node client; will issue a fix
a
oh super , i guess i have been useful
j
definitely!
the reason the tests were passing is that we use the SpiceDB test server, which doesn't require a toekn
token*
but I've updated the tests in that PR to use per-test tokens, which will fail if the credentials aren't sent
@User for when you wake up, we just pushed v0.3.1 of the NPM client lib; you can now configure the client to allow credentials on localhost insecure or in general insecure (we recommend using the localhost option if that's applicable)
const client = NewClient("sometoken", "localhost:50051", ClientSecurity.INSECURE_LOCALHOST_ALLOWED);
a
Thanks @User this works . I will be checking in my code , will be good for other folks as well. I have done a pull request on the documentation for migration statement , and if required once approved i can update documentation for this as well on how to do local development
j
Sounds good
3 Views
PreviousNext
Powered by