Auth-token and updating schema - "Alter denied with error: No Auth Token found"

erlendoverby · August 12, 2020, 9:41am

I’m using:

Dgraph version : v20.07.0
Dgraph codename : shuri
Dgraph SHA-256 : 4cd320fc6eab163ab68602a5122a6c82c8467c2ed5ac93478d5f40d44eec71c4
Commit SHA-1 : d65e20530
Commit timestamp : 2020-07-28 15:31:37 -0700
Branch : HEAD
Go version : go1.14.4

To increase the security of my services a little I have added a auth_token to my startup of dgraph alpha.
In my dgraph-js client I have added the auth-token secret to the dGraph client.
The client is whitelisted.

let dgraphStub = dgraph.DgraphClientStub(DGRAPH_SERVER_URL, grpc.credentials.createInsecure(),
{
‘auth-token’: ‘secret’
})

let dGraphClient = dgraph.DgraphClient(dgraphStub)

This works great when I mutate and read data from the database.

However, when I try to update my schema -

let dGraphOperation = new dgraph.Operation()
dGraphOperation(’’)
dgraphClient.alter(dGraphOperation)

I get the following error:
“server.go:222] Alter denied with error: No Auth Token found. Token needed for Alter operations.”

And in my understanding I have submitted the Token needed.
In the dgraph4j client there is an example on how to set up the auth-token to make it work.

Is there an example on how this could be implemented using the dgraph-js client?

Best regards
Erlend Øverby

MichelDiz · August 13, 2020, 2:12am

--auth_token - This token, for now, protects only the Alter and Admin requests. Not mutations or queries. The Poor man’s ACL will be soon available for other requests.

See this comment.

So, for the Alter case, I’m not sure if it is implemented in Dgraph-js. Maybe @paulftw or @dmai can give some light here.

MichelDiz · August 13, 2020, 3:11am

Actually I have found the solution. It is pretty easy. You have to use grpc’s method to create the metadata. And use it on each call. e.g:

This is very similar to GitHub - dgraph-io/dgo: Official Dgraph Go client

Set this “globally”.

var meta = new grpc.Metadata();
meta.add('auth-token', 'myTestSecret');

And on each call add the meta var

async function dropAll(dgraphClient) {
    const op = new dgraph.Operation();
    op.setDropAll(true);
    await dgraphClient.alter(op, meta);
}

async function setSchema(dgraphClient) {
    const schema = `
        name: string @index(exact) .
        age: int .
        married: bool .
        loc: geo .
        dob: datetime .
        friend: [uid] @reverse .
    `;
    const op = new dgraph.Operation();
    op.setSchema(schema);
    await dgraphClient.alter(op, meta);
}

erlendoverby · August 13, 2020, 11:00pm

Thanks - this solved my problem. You are wizards

However it does not work if the token contains the letter &.

And it is my misinterpretation that the auth_token also was checking mutation operations.

Keep up the great work

Cheers
Erlend

Naman · August 24, 2020, 1:39pm

@erlendoverby, closing this issue. As the problem is solved, can you please mark the answer as solution.

Topic		Replies	Views
I got an No Auth Token error when alter the schema with dgraph4j client Dgraph Clients dgraph4j	2	750	July 30, 2020
Update package for dgraph-js-http Dgraph dgraph , dgraph-js-http , dgraph-js	7	983	September 27, 2020
@auth, cors, securing alter operations, and request headers Dgraph kind:question , auth , area:security , ticket:created , cors	6	1512	January 15, 2021
Dgraph-js and auth-token problem - Error: Incorrect arguments passed Dgraph Clients	2	1272	October 9, 2020
DGO how do you add an Authorization token to dgraph queries Dgraph Cloud kind:question , auth , dgo	0	716	January 31, 2021

Auth-token and updating schema - "Alter denied with error: No Auth Token found"

Related topics