HTTP

JSON Web Tokens can only be presented via HTTP requests in the form of an Authorization header.

Authorization Header

For applications that communicate with Flipt over HTTP, the Authorization header is required.

It must be provided in the form Authorization: JWT <jwt>.

The following examples illustrate this in the context of various programming languages:

import (
  "context"
  "net/http"
)

func main() {
  req := http.NewRequest("GET", "https://flipt.your.instance/api/v1/flags", nil)
  req.Header.Set("Authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")

  resp, err := http.Do(req)
  // ...
}

GRPC

For gRPC we use the Metadata functionality similar to HTTP Headers. The lower-case authorization metadata key should be supplied with a single string JWT <jwt> to any RPC calls.

Example

The following example authenticates a single gRPC client request:

rpc.go
func DoRequest(ctx context.Context, flagKey string) {
  ctx := metadata.AppendToOutgoingContext(ctx, "authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")

  flag, err := flipt.GetFlags(ctx, &flipt.GetFlagRequest{
    Key: flagKey,
  })

  //...
}

This subsequent example demonstrates using a client unary interceptor, which authenticates all outgoing requests:

interceptor.go
func AuthUnaryClientInterceptor(optFuncs ...CallOption) grpc.UnaryClientInterceptor {
    return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
        ctx = metadata.AppendToOutgoingContext(ctx, "authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
        return invoker(ctx, method, req, reply, cc, opts...)
	}
}

HTTP

JSON Web Tokens can only be presented via HTTP requests in the form of an Authorization header.

Authorization Header

For applications that communicate with Flipt over HTTP, the Authorization header is required.

It must be provided in the form Authorization: JWT <jwt>.

The following examples illustrate this in the context of various programming languages:

import (
  "context"
  "net/http"
)

func main() {
  req := http.NewRequest("GET", "https://flipt.your.instance/api/v1/flags", nil)
  req.Header.Set("Authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")

  resp, err := http.Do(req)
  // ...
}

GRPC

For gRPC we use the Metadata functionality similar to HTTP Headers. The lower-case authorization metadata key should be supplied with a single string JWT <jwt> to any RPC calls.

Example

The following example authenticates a single gRPC client request:

rpc.go
func DoRequest(ctx context.Context, flagKey string) {
  ctx := metadata.AppendToOutgoingContext(ctx, "authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")

  flag, err := flipt.GetFlags(ctx, &flipt.GetFlagRequest{
    Key: flagKey,
  })

  //...
}

This subsequent example demonstrates using a client unary interceptor, which authenticates all outgoing requests:

interceptor.go
func AuthUnaryClientInterceptor(optFuncs ...CallOption) grpc.UnaryClientInterceptor {
    return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
        ctx = metadata.AppendToOutgoingContext(ctx, "authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
        return invoker(ctx, method, req, reply, cc, opts...)
	}
}