-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UNAUTHORIZED if Auth Server is down? #3267
Comments
@jboeuf, I thought I remembered someone raising this issue before (against another repo, maybe on mailing list?) but couldn't track it down. Is C still doing UNAUTHENTICATED for I/O errors while retrieving auth tokens? I know several of us felt UNAVAILABLE would be more appropriate when originally implementing, but the decision ended up being to use UNAUTHENTICATED. |
Maybe SE/SRE can use |
@jboeuf, ping. Can we please fail with |
I'm confused. Do you really want UNIMPLEMENTED in this case?
…On Wed, Nov 8, 2017 at 8:06 AM, Eric Anderson ***@***.***> wrote:
@jboeuf <https://github.com/jboeuf>, ping. Can we please fail with
UNIMPLEMENTED if retrieving an OAuth token fails?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3267 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AF-P7ZJaE66o4s_Jzzlec1hXSLHlIRr1ks5s0dF6gaJpZM4Og9RY>
.
|
:( @jboeuf, sorry. That should have been UNAVAILABLE. Too many 'UN's |
Okay, we'll swap this over. C is being swapped with grpc/grpc#13322 @dfawley, you may want to do the same. |
We are using
GoogleAuthLibraryCredentials
to authenticate our gRPC calls and we sometimes have the case where the authentication fails, because the auth server is not reachable and then the call fails withUNAUTHENTICATED
status code.Some people on my team argue that it should fail with
UNAVAILABLE
, I personally thinkUNAUTHENTICATED
makes sense, so that a user can distinquish between a call and auth having gone wrong. However, arguably [1] is not clear about this.The discussion arose, because of retries. In Bazel, we want to retry certain status codes i.e.
UNAUTHENTICATED
if the server could not be reached, but not if it failed due to wrong credentials. Any thoughts?cc: @ejona86 @zhangkun83
[1] https://github.com/grpc/grpc/blob/master/doc/statuscodes.md
The text was updated successfully, but these errors were encountered: