Auth-token and updating schema - "Alter denied with error: No Auth Token found"

I’m using:

Dgraph version : v20.07.0
Dgraph codename : shuri
Dgraph SHA-256 : 4cd320fc6eab163ab68602a5122a6c82c8467c2ed5ac93478d5f40d44eec71c4
Commit SHA-1 : d65e20530
Commit timestamp : 2020-07-28 15:31:37 -0700
Branch : HEAD
Go version : go1.14.4

To increase the security of my services a little I have added a auth_token to my startup of dgraph alpha.
In my dgraph-js client I have added the auth-token secret to the dGraph client.
The client is whitelisted.

let dgraphStub = dgraph.DgraphClientStub(DGRAPH_SERVER_URL, grpc.credentials.createInsecure(),
{
‘auth-token’: ‘secret’
})

let dGraphClient = dgraph.DgraphClient(dgraphStub)

This works great when I mutate and read data from the database.

However, when I try to update my schema -

let dGraphOperation = new dgraph.Operation()
dGraphOperation(’’)
dgraphClient.alter(dGraphOperation)

I get the following error:
“server.go:222] Alter denied with error: No Auth Token found. Token needed for Alter operations.”

And in my understanding I have submitted the Token needed.
In the dgraph4j client there is an example on how to set up the auth-token to make it work.

Is there an example on how this could be implemented using the dgraph-js client?

Best regards
Erlend Øverby

--auth_token - This token, for now, protects only the Alter and Admin requests. Not mutations or queries. The Poor man’s ACL will be soon available for other requests.

See this comment.

So, for the Alter case, I’m not sure if it is implemented in Dgraph-js. Maybe @paulftw or @dmai can give some light here.

Actually I have found the solution. It is pretty easy. You have to use grpc’s method to create the metadata. And use it on each call. e.g:

This is very similar to GitHub - dgraph-io/dgo: Official Dgraph Go client

Set this “globally”.

var meta = new grpc.Metadata();
meta.add('auth-token', 'myTestSecret');

And on each call add the meta var

async function dropAll(dgraphClient) {
    const op = new dgraph.Operation();
    op.setDropAll(true);
    await dgraphClient.alter(op, meta);
}

async function setSchema(dgraphClient) {
    const schema = `
        name: string @index(exact) .
        age: int .
        married: bool .
        loc: geo .
        dob: datetime .
        friend: [uid] @reverse .
    `;
    const op = new dgraph.Operation();
    op.setSchema(schema);
    await dgraphClient.alter(op, meta);
}

2 Likes

Thanks - this solved my problem. You are wizards :slight_smile:

However it does not work if the token contains the letter &.

And it is my misinterpretation that the auth_token also was checking mutation operations.

Keep up the great work

Cheers
Erlend

@erlendoverby, closing this issue. As the problem is solved, can you please mark the answer as solution. :slight_smile: