Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UNAUTHORIZED if Auth Server is down? #3267

Closed
buchgr opened this issue Jul 24, 2017 · 6 comments
Closed

UNAUTHORIZED if Auth Server is down? #3267

buchgr opened this issue Jul 24, 2017 · 6 comments
Assignees
Milestone

Comments

@buchgr
Copy link
Collaborator

buchgr commented Jul 24, 2017

We are using GoogleAuthLibraryCredentials to authenticate our gRPC calls and we sometimes have the case where the authentication fails, because the auth server is not reachable and then the call fails with UNAUTHENTICATED status code.

Some people on my team argue that it should fail with UNAVAILABLE, I personally think UNAUTHENTICATED makes sense, so that a user can distinquish between a call and auth having gone wrong. However, arguably [1] is not clear about this.

The discussion arose, because of retries. In Bazel, we want to retry certain status codes i.e. UNAUTHENTICATED if the server could not be reached, but not if it failed due to wrong credentials. Any thoughts?

cc: @ejona86 @zhangkun83

[1] https://github.com/grpc/grpc/blob/master/doc/statuscodes.md

@ejona86
Copy link
Member

ejona86 commented Jul 24, 2017

@jboeuf, I thought I remembered someone raising this issue before (against another repo, maybe on mailing list?) but couldn't track it down. Is C still doing UNAUTHENTICATED for I/O errors while retrieving auth tokens?

I know several of us felt UNAVAILABLE would be more appropriate when originally implementing, but the decision ended up being to use UNAUTHENTICATED.

@carl-mastrangelo
Copy link
Contributor

Maybe SE/SRE can use addSuppressed (and throw Java 1.6 under the bus)

@ejona86
Copy link
Member

ejona86 commented Nov 8, 2017

@jboeuf, ping. Can we please fail with UNIMPLEMENTED UNAVAILABLE if retrieving an OAuth token fails?

@ejona86 ejona86 added this to the Next milestone Nov 8, 2017
@jboeuf
Copy link
Contributor

jboeuf commented Nov 8, 2017 via email

@ejona86
Copy link
Member

ejona86 commented Nov 8, 2017

:( @jboeuf, sorry. That should have been UNAVAILABLE. Too many 'UN's

@ejona86
Copy link
Member

ejona86 commented Nov 9, 2017

Okay, we'll swap this over. C is being swapped with grpc/grpc#13322

@dfawley, you may want to do the same.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants