How use authorization mechanism in worker

marimp8888 · December 16, 2021, 11:23am

Hi all,
I successfully implemented the authorization mechanism to authorize tctl cli with temporal server. I used authorizer/claimMapper in server and “temporal-tctl-authorization-plugin” plugin in tctl (the tctl pass a JWT token that contains the identity).
I’m trying to understand if it is possible to use the same logic for “workers”. At the moment the workers are blocked because they are not authorized (how can I pass the JWT from worker and identify them).

Great Thanks
Regards
Marco

Chad_Retz · December 16, 2021, 2:37pm

Absolutely. JWT-based authentication is usually via the Authorization: Bearer <mytoken> header which can be sent to the server via a client.Options.HeadersProvider. I opened Add sample for auth token · Issue #160 · temporalio/samples-go · GitHub a couple of days ago to address this gap in the samples. The tctl CLI uses this same approach with your plugin since the tctl CLI just uses the SDK client.

Topic		Replies	Views
Tctl security authentication Community Support java-sdk , helm	5	1088	August 26, 2021
Temporal Worker unable to talk to Internal Frontend, receiving Request Unauthorized Server Deployment general-impl	2	1611	March 30, 2024
Question JWT Authorization via SDK / CLI Community Support	0	638	April 18, 2021
UI JWT authorisation on role and API/Cli using mTLS client certificates Server Deployment typescript-sdk	0	74	June 20, 2024
Fine-grained authorization Community Support go-sdk	10	849	August 13, 2021

How use authorization mechanism in worker

Related topics