Skip to content

Commit 69bc106

Browse files
authored
Add section on authentication of TLS reverse proxies. (#153)
Add a section on how to authenticate pydgraph when the Dgraph instance is behind a reverse TLS proxy. Taken from the gRPC section in https://graphql.dgraph.io/slash-graphql/advanced-queries/
1 parent 36ae225 commit 69bc106

File tree

1 file changed

+18
-0
lines changed

1 file changed

+18
-0
lines changed

README.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -384,6 +384,24 @@ For example, the following alters the schema with a timeout of ten seconds:
384384
A `CallCredentials` object can be passed to the `login`, `alter`, `query`, and
385385
`mutate` methods using the `credentials` keyword argument.
386386

387+
### Authenticating to a reverse TLS proxy
388+
389+
If the Dgraph instance is behind a reverse TLS proxy, credentials can also be
390+
passed through the methods available in the gRPC library. Note that in this case
391+
every request will need to include the credentials. In the example below, we are
392+
trying to add authentication to a proxy that requires an API key. This value is
393+
expected to be included in the metadata using the key "authorization".
394+
395+
```
396+
creds = grpc.ssl_channel_credentials()
397+
call_credentials = grpc.metadata_call_credentials(
398+
lambda context, callback: callback((("authorization", "<api-key>"),), None))
399+
composite_credentials = grpc.composite_channel_credentials(creds, call_credentials)
400+
client_stub = pydgraph.DgraphClientStub(
401+
'{host}:{port}'.format(host=GRPC_HOST, port=GRPC_PORT), composite_credentials)
402+
client = pydgraph.DgraphClient(client_stub)
403+
```
404+
387405
### Async methods.
388406

389407
The `alter` method in the client has an asyncronous version called

0 commit comments

Comments
 (0)