How use authorization mechanism in worker

marimp8888 · December 16, 2021, 11:23am

Hi all,
I successfully implemented the authorization mechanism to authorize tctl cli with temporal server. I used authorizer/claimMapper in server and “temporal-tctl-authorization-plugin” plugin in tctl (the tctl pass a JWT token that contains the identity).
I’m trying to understand if it is possible to use the same logic for “workers”. At the moment the workers are blocked because they are not authorized (how can I pass the JWT from worker and identify them).

Great Thanks
Regards
Marco

Chad_Retz · December 16, 2021, 2:37pm

Absolutely. JWT-based authentication is usually via the Authorization: Bearer <mytoken> header which can be sent to the server via a client.Options.HeadersProvider. I opened Add sample for auth token · Issue #160 · temporalio/samples-go · GitHub a couple of days ago to address this gap in the samples. The tctl CLI uses this same approach with your plugin since the tctl CLI just uses the SDK client.

Topic		Replies	Views
Tctl security authentication Community Support java-sdk , helm	5	985	August 26, 2021
Question JWT Authorization via SDK / CLI Community Support	0	498	April 18, 2021
Fine-grained authorization Community Support go-sdk	10	710	August 13, 2021
Authorization, Untrusted workflow creation and namespace authentication Community Support auth	20	3539	September 12, 2023
Extending the custom authorisation (JWT) to the System Worker Community Support jwt , auth , worker	8	1696	December 28, 2021

How use authorization mechanism in worker

Related Topics