I am following this example (Temporal JWT Authorization) and trying to make the JWT work.
I started the JWKS server and changed the port to 61884.
go run ./serverjwtauth/key gen-and-serve
I used the docker-compose.yml and added 4 env variables to temporal and 1 env variable to temporal-admin-tools:
  temporal:
    container_name: temporal
    depends_on:
      - postgresql
      - elasticsearch
    environment:
      ...
      - TEMPORAL_JWT_KEY_SOURCE1=http://host.docker.internal:61884/jwks.json
      - TEMPORAL_AUTH_AUTHORIZER=default
      - TEMPORAL_AUTH_CLAIM_MAPPER=default
      - TEMPORAL_CLI_AUTH=Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkdXRUtVemFJY0EzOGx0RlpYM1lfNGpJaHFwbU4xRG9GeW9tMUk4WFBmU3M9IiwidHlwIjoiSldUIn0.eyJleHAiOjE2OTYxNDkzNjUsInBlcm1pc3Npb25zIjpbInN5c3RlbTphZG1pbiJdLCJzdWIiOiJ0ZW1wb3JhbC1zYW1wbGVzLWdvIn0.PCIETv1EHH2y2H7bpQa2McY-0uhsUmPT6BWRli7k0knmWqCECF3q_USMxJOGr16SlB3Q7yRCDKSNPSbG7wqevQ
    image: temporalio/auto-setup:${TEMPORAL_VERSION}
    ...
  temporal-admin-tools:
    container_name: temporal-admin-tools
    depends_on:
      - temporal
    environment:
      - TEMPORAL_ADDRESS=temporal:7233 # used by temporal
      - TEMPORAL_CLI_ADDRESS=temporal:7233 # used by tctl
      - TEMPORAL_CLI_AUTH=Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkdXRUtVemFJY0EzOGx0RlpYM1lfNGpJaHFwbU4xRG9GeW9tMUk4WFBmU3M9IiwidHlwIjoiSldUIn0.eyJleHAiOjE2OTYxNDkzNjUsInBlcm1pc3Npb25zIjpbInN5c3RlbTphZG1pbiJdLCJzdWIiOiJ0ZW1wb3JhbC1zYW1wbGVzLWdvIn0.PCIETv1EHH2y2H7bpQa2McY-0uhsUmPT6BWRli7k0knmWqCECF3q_USMxJOGr16SlB3Q7yRCDKSNPSbG7wqevQ
    image: temporalio/admin-tools:${TEMPORAL_VERSION}
    ...
After running the compose file, the temporal container can’t start, and I see this error:
{"level":"fatal","ts":"2023-10-01T08:00:18.820Z","msg":"error starting scanner","service":"worker","error":"Request unauthorized.","logging-call-at":"service.go:501","stacktrace":"go.temporal.io/server/common/log.(*zapLogger).Fatal\n\t/home/builder/temporal/common/log/zap_logger.go:174\ngo.temporal.io/server/service/worker.(*Service).startScanner\n\t/home/builder/temporal/service/worker/service.go:501\ngo.temporal.io/server/service/worker.(*Service).Start\n\t/home/builder/temporal/service/worker/service.go:388\ngo.temporal.io/server/service/worker.ServiceLifetimeHooks.func1.1\n\t/home/builder/temporal/service/worker/fx.go:139"}
I tried to create the namespace with tctl, but since the temporal server failed to start, I couldn’t create it inside the temporal-admin-tools terminal; it said connection error.
Error: Register namespace operation failed.
Error Details: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: EOF"
('export TEMPORAL_CLI_SHOW_STACKS=1' to see stack traces)
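
One check the error invites, as an added example that is not part of the original post or the Temporal samples: decode the header and claims of the TEMPORAL_CLI_AUTH token from the compose file and compare its expiry with the timestamp of the fatal log line. The names `Inspect`, `TokenInfo` and `ValidFor` are hypothetical, and the signature is deliberately not verified.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Token copied from TEMPORAL_CLI_AUTH in the post's compose file.
const postAuth = "Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkdXRUtVemFJY0EzOGx0RlpYM1lfNGpJaHFwbU4xRG9GeW9tMUk4WFBmU3M9IiwidHlwIjoiSldUIn0.eyJleHAiOjE2OTYxNDkzNjUsInBlcm1pc3Npb25zIjpbInN5c3RlbTphZG1pbiJdLCJzdWIiOiJ0ZW1wb3JhbC1zYW1wbGVzLWdvIn0.PCIETv1EHH2y2H7bpQa2McY-0uhsUmPT6BWRli7k0knmWqCECF3q_USMxJOGr16SlB3Q7yRCDKSNPSbG7wqevQ"

// TokenInfo holds unverified JWT header and claim fields (hypothetical type;
// encoding/json matches the lowercase keys case-insensitively).
type TokenInfo struct {
	Alg, Kid, Sub string
	Permissions   []string
	Exp           int64
}

// Inspect decodes header and payload WITHOUT verifying the signature:
// it is a diagnostic aid, never an authorization decision.
func Inspect(auth string) (TokenInfo, error) {
	var info TokenInfo
	parts := strings.Split(strings.TrimPrefix(auth, "Bearer "), ".")
	if len(parts) != 3 {
		return info, fmt.Errorf("want 3 JWT segments, got %d", len(parts))
	}
	for _, seg := range parts[:2] { // header, then payload
		raw, err := base64.RawURLEncoding.DecodeString(seg)
		if err != nil {
			return info, fmt.Errorf("bad base64url segment: %w", err)
		}
		if err = json.Unmarshal(raw, &info); err != nil {
			return info, fmt.Errorf("bad JSON segment: %w", err)
		}
	}
	return info, nil
}

// ValidFor returns how long the token remains unexpired at time at.
func (t TokenInfo) ValidFor(at time.Time) time.Duration {
	return time.Unix(t.Exp, 0).Sub(at)
}

func main() {
	info, err := Inspect(postAuth)
	at, _ := time.Parse(time.RFC3339, "2023-10-01T08:00:18.820Z") // "ts" of the fatal log line
	fmt.Println(info, err, info.ValidFor(at))
}
```

For this token the expiry is 2023-10-01T08:36:05Z, about 35 minutes after the fatal log line, so the token had not yet expired when "Request unauthorized." was logged.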