From a2f954c7c552cc3cd7611650ae939417892ddce7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Felipe=20Barco?= Date: Thu, 17 Jul 2025 09:58:58 -0500 Subject: [PATCH 1/3] NQ example: fix token usage in code & docs --- .../com/engflow/notificationqueue/Client.java | 7 +++++-- java/com/engflow/notificationqueue/README.md | 19 ++++++------------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/java/com/engflow/notificationqueue/Client.java b/java/com/engflow/notificationqueue/Client.java index a19ed71c..d53b7122 100644 --- a/java/com/engflow/notificationqueue/Client.java +++ b/java/com/engflow/notificationqueue/Client.java @@ -85,8 +85,11 @@ public static void main(String[] args) throws Exception { try { final Metadata header = new Metadata(); Metadata.Key userKey = - Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER); - header.put(userKey, "Bearer " + clientOptions.getOption("token")); + Metadata.Key.of("x-engflow-auth-method", Metadata.ASCII_STRING_MARSHALLER); + header.put(userKey, "jwt-v0"); + Metadata.Key tokenKey = + Metadata.Key.of("x-engflow-auth-token", Metadata.ASCII_STRING_MARSHALLER); + header.put(tokenKey, clientOptions.getOption("token")); pull(channel, clientOptions.getOption("queue_name"), header, forwardChannel); } finally { if (channel != null) { diff --git a/java/com/engflow/notificationqueue/README.md b/java/com/engflow/notificationqueue/README.md index 87636379..23544606 100644 --- a/java/com/engflow/notificationqueue/README.md +++ b/java/com/engflow/notificationqueue/README.md @@ -44,16 +44,12 @@ bazel run //java/com/engflow/notificationqueue:client -- \ ``` -### Using tokens to run the client +### Using JWT to run the client -In the second for case authentication you should have a token issued by a -valid authority. In this example we use cluster used by the -[open-source envoy-mobile](https://github.com/envoyproxy/envoy-mobile) project. -It uses [GitHub tokens](https://docs.github.com/en/actions/security-guides/automatic-token-authentication) for authentication method but your server may support -other token provider. To execute the client against the envoy-mobile cluster add -the argument +In the second for case authentication you should have a valid token. On EngFlow clusters you may get a new access token by +accessing the cluster's UI under the tab `Getting Started`. To execute the client against your cluster, add the argument -1. `--token=token issued by valid authority` +1. `--token=your-long-JWT-token` holds the authentication token. Needed for both `grpc://` and `grpcs://` connections @@ -61,13 +57,10 @@ Run the client using ```bash bazel run //java/com/engflow/notificationqueue:client -- \ - '--notification_queue_endpoint=grpcs://envoy.cluster.engflow.com' '--queue_name=eventstore/lifecycle-events' \ - '--token=ghs_vHu2hAHwhg2EjBXrs4koOxk5PfSKVb2lzAUM' + '--notification_queue_endpoint=grpcs://$CLUSTER.cluster.engflow.com' '--queue_name=eventstore/lifecycle-events' \ + '--token=DKiJ3eic9l150dDmzdMsaiu0K5boBle0UlkCefbgwzBE7G7FItgi2AOFpz6pkcMUFV3SkpAGikMckcaQhTTKUmGeZKpLh9gT6vTsi0v' ``` -Note: The token provided in the example is not valid. You should count with a -valid envoy-mobile token to use envoy-cluster. Change your target cluster and -acquire a valid token for executing the client. ### Forwarding data to external server From 5025ad1831ac632e175f76f6fcc3f7b2a5135341 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Felipe=20Barco?= Date: Thu, 17 Jul 2025 10:00:18 -0500 Subject: [PATCH 2/3] method --- java/com/engflow/notificationqueue/Client.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/com/engflow/notificationqueue/Client.java b/java/com/engflow/notificationqueue/Client.java index d53b7122..78dd1afd 100644 --- a/java/com/engflow/notificationqueue/Client.java +++ b/java/com/engflow/notificationqueue/Client.java @@ -84,9 +84,9 @@ public static void main(String[] args) throws Exception { } try { final Metadata header = new Metadata(); - Metadata.Key userKey = + Metadata.Key methodKey = Metadata.Key.of("x-engflow-auth-method", Metadata.ASCII_STRING_MARSHALLER); - header.put(userKey, "jwt-v0"); + header.put(methodKey, "jwt-v0"); Metadata.Key tokenKey = Metadata.Key.of("x-engflow-auth-token", Metadata.ASCII_STRING_MARSHALLER); header.put(tokenKey, clientOptions.getOption("token")); From 4fbe4841bdffacae3d82155166f9831b2ebc6add Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Felipe=20Barco=20Santa?= Date: Fri, 18 Jul 2025 11:51:27 -0500 Subject: [PATCH 3/3] Update java/com/engflow/notificationqueue/README.md --- java/com/engflow/notificationqueue/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/com/engflow/notificationqueue/README.md b/java/com/engflow/notificationqueue/README.md index 23544606..b970a66a 100644 --- a/java/com/engflow/notificationqueue/README.md +++ b/java/com/engflow/notificationqueue/README.md @@ -46,7 +46,7 @@ bazel run //java/com/engflow/notificationqueue:client -- \ ### Using JWT to run the client -In the second for case authentication you should have a valid token. On EngFlow clusters you may get a new access token by +In the second authentication case you should count with a valid token. On EngFlow clusters you may get a new access token by accessing the cluster's UI under the tab `Getting Started`. To execute the client against your cluster, add the argument 1. `--token=your-long-JWT-token`