Skip to content

NQ example: fix token usage in code & docs #401

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jul 18, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions java/com/engflow/notificationqueue/Client.java
Original file line number Diff line number Diff line change
Expand Up @@ -84,9 +84,12 @@ public static void main(String[] args) throws Exception {
}
try {
final Metadata header = new Metadata();
Metadata.Key<String> userKey =
Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
header.put(userKey, "Bearer " + clientOptions.getOption("token"));
Metadata.Key<String> methodKey =
Metadata.Key.of("x-engflow-auth-method", Metadata.ASCII_STRING_MARSHALLER);
header.put(methodKey, "jwt-v0");
Metadata.Key<String> tokenKey =
Metadata.Key.of("x-engflow-auth-token", Metadata.ASCII_STRING_MARSHALLER);
header.put(tokenKey, clientOptions.getOption("token"));
pull(channel, clientOptions.getOption("queue_name"), header, forwardChannel);
} finally {
if (channel != null) {
Expand Down
19 changes: 6 additions & 13 deletions java/com/engflow/notificationqueue/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,30 +44,23 @@ bazel run //java/com/engflow/notificationqueue:client -- \
```


### Using tokens to run the client
### Using JWT to run the client

In the second for case authentication you should have a token issued by a
valid authority. In this example we use cluster used by the
[open-source envoy-mobile](https://github.com/envoyproxy/envoy-mobile) project.
It uses [GitHub tokens](https://docs.github.com/en/actions/security-guides/automatic-token-authentication) for authentication method but your server may support
other token provider. To execute the client against the envoy-mobile cluster add
the argument
In the second authentication case you should count with a valid token. On EngFlow clusters you may get a new access token by
accessing the cluster's UI under the tab `Getting Started`. To execute the client against your cluster, add the argument

1. `--token=token issued by valid authority`
1. `--token=your-long-JWT-token`
holds the authentication token.
Needed for both `grpc://` and `grpcs://` connections

Run the client using

```bash
bazel run //java/com/engflow/notificationqueue:client -- \
'--notification_queue_endpoint=grpcs://envoy.cluster.engflow.com' '--queue_name=eventstore/lifecycle-events' \
'--token=ghs_vHu2hAHwhg2EjBXrs4koOxk5PfSKVb2lzAUM'
'--notification_queue_endpoint=grpcs://$CLUSTER.cluster.engflow.com' '--queue_name=eventstore/lifecycle-events' \
'--token=DKiJ3eic9l150dDmzdMsaiu0K5boBle0UlkCefbgwzBE7G7FItgi2AOFpz6pkcMUFV3SkpAGikMckcaQhTTKUmGeZKpLh9gT6vTsi0v'
```

Note: The token provided in the example is not valid. You should count with a
valid envoy-mobile token to use envoy-cluster. Change your target cluster and
acquire a valid token for executing the client.

### Forwarding data to external server

Expand Down