How to make a REST API call to the minder server

[AGMETEOR]

From the minder.proto file, I see it's possible to make REST based API call instead instead of GRPC one. However, I am failing to authenticate to one of the endpoints at /api/v1/auth/url. Here's my cuRL command

curl --location --request GET 'http://api.stacklok.com/api/v1/auth/url' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <access_token>' \
--data '{
    "provider": "github",
    "cli": true,
    "port": 3000,
    "project_id": "",
    "owner": ""
}'

This still says "unauthenticated"

[JAORMX]

Hey! I see how that endpoint can be confusing. Minder doesn't do authentication by itself. Instead, we're leveraging keycloak to do the heavy lifting, and we subsequently just verify the token that keycloak provides. If you're interested in how that works, it's an OAuth2 flow that can be seen here https://github.com/stacklok/minder/blob/main/cmd/cli/app/auth/auth_login.go

[JAORMX]

Also, regarding that call, you'll need to provide a project ID. Which you get once you register.

[AGMETEOR]

@JAORMX put the project id but still says unauthenticated.

curl --location --request GET 'http://api.stacklok.com/api/v1/auth/url' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <access_token>' \
--data '{
    "provider": "github",
    "cli": true,
    "port": 3000,
    "project_id": <my_proj_id>,
    "owner": ""
}'

[AGMETEOR]

So I am trying to run the server locally but the container minder-minder-1 keeps failing and restarting. The logs I see an error

Error executing root command: unable to create server: failed to create crypto engine: failed to read token key file: failed to read key: open /app/.ssh/token_key_passphrase: no such file or directory

[AGMETEOR]

Never mind fixed with openssl rand -base64 32 > .ssh/token_key_passphrase

[AGMETEOR]

Ok so I have an update. The interceptor picks up the token as expected. The error was occurring because of a failure to parse the token. And the reason for the malformed token was my fault, I opened the credentials.json file with my editor and while copying I introduced tab/space? characters in the token.

Otherwise, I have tested on both api.stacklok.com and localhost and authentication over REST happens perfectly fine.

Thanks a lot @evankanderson and @JAORMX

[evankanderson]

Excellent! Glad to hear it was a misplaced character in the file.

Hopefully #1960 should make future such errors easier to catch.

We should also think about having different credential files for each grpc endpoint (to make it easier to switch between servers).

[AGMETEOR]

Yeah separating credential files is a good idea. Created the issue here #1961
I can explore ways to do this.