Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ProxyAuthenticator Support for OtlpHttp{Signal}Exporters #6819

Open
jigarkb opened this issue Oct 25, 2024 · 4 comments
Open

ProxyAuthenticator Support for OtlpHttp{Signal}Exporters #6819

jigarkb opened this issue Oct 25, 2024 · 4 comments
Labels
Feature Request Suggest an idea for this project

Comments

@jigarkb
Copy link

jigarkb commented Oct 25, 2024

Is your feature request related to a problem? Please describe.
OtlpHttp{Signal}Exporters do support Proxy configuration. Thanks to this issue #6204. However, we don't expose the ProxyAuthenticator that OkHttp requires if want to use an authenticated proxy. See square/okhttp#3607 for more details on why we can't just set the Proxy-Authorization header.

Describe the solution you'd like
Enhance ProxyOptions class to support providing ProxyAuthenticator in addition to ProxySelector.
@jigarkb jigarkb added the Feature Request Suggest an idea for this project label Oct 25, 2024
@jack-berg
Copy link
Member

We have an experimental configuration optional called Authenticator modeled after the OkHttp Authenticator concept.

Its a bit hard to use right now.. Something like:

    OtlpHttpMetricExporterBuilder exporterBuilder =
        OtlpHttpMetricExporter.builder()
            .setEndpoint(...)
            .setProxyOptions(...);
    Authenticator.setAuthenticatorOnDelegate(
        exporterBuilder,
        () -> Collections.singletonMap("Proxy-Authorization", proxyAuthorizationToken()));
    OtlpHttpMetricExporter exporter = exporterBuilder.build();

See OkHttpHttpSender for details on how its translated to the Okhttp Authenticator.

Is there something specific about proxy authentication that makes our Authenticator insufficient?

@jigarkb
Copy link
Author

jigarkb commented Oct 29, 2024

@jack-berg The issue is okhttp won't accept Proxy-Authorization from normal Authenticator. It requires us to set proxyAuthenticator from builder. See https://github.com/square/okhttp/blob/90d2c07566ba552c5320b00249f61a9469270117/okhttp/src/main/kotlin/okhttp3/OkHttpClient.kt#L777-L786
and https://github.com/square/okhttp/blob/90d2c07566ba552c5320b00249f61a9469270117/okhttp/src/main/kotlin/okhttp3/OkHttpClient.kt#L869-L882

@jack-berg
Copy link
Member

I see. I think it probably makes sense to add support for setting an Authenticator specifically for use with the proxy.

But really we ought to revisit Authenticator, which has been around for a while, yet doesn't feel particularly close to stabilizing, since its not supported in JdkHttpSender, or OkHttpGrpcSender, UpstreamGrpcSender. The concept seems sort of half-baked, and its API and semantics need to be better articulated so it can be supported outside of just OkHttp.

@jigarkb
Copy link
Author

jigarkb commented Oct 30, 2024

I realize the Authenticator implementation is still incomplete. In the meantime, would it be acceptable to proceed with adding the Authenticator to ProxyOptions and using it within OkHttpHttpSender? If so, I can contribute and open a PR for review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Request Suggest an idea for this project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jigarkb @jack-berg