Summary
Authentication token parsing silently discards errors using .ok(), making debugging auth failures difficult.
Location
crates/service/src/api/grpc/grpc_service.rs:201-202
.and_then(|v| v.to_bytes().ok())
.and_then(|b| String::from_utf8(b.to_vec()).ok())
Problem
When token parsing fails, users get a generic "unauthenticated" error with no context about WHY the token was invalid:
- Malformed binary tokens (could indicate protocol issues)
- Invalid UTF-8 in tokens (could indicate corruption)
- Buffer issues
Developers debugging auth failures have no clue whether the token was malformed, corrupted, or simply wrong.
Impact
- Difficult to debug authentication issues
- Silent masking of protocol/encoding problems
- Poor observability for security events
Suggested Fix
Log the specific parsing failures before converting to Status:
let token = metadata
.get_bin("auth-token-bin")
.and_then(|v| v.to_bytes().map_err(|e| {
warn!("Token bytes error: {}", e);
e
}).ok())
.and_then(|b| String::from_utf8(b.to_vec()).map_err(|e| {
warn!("Token UTF-8 error: {}", e);
e
}).ok())
.ok_or_else(|| Status::unauthenticated("Invalid or missing auth-token-bin"))?;Priority
P3 - Observability improvement
Summary
Authentication token parsing silently discards errors using
.ok(), making debugging auth failures difficult.Location
crates/service/src/api/grpc/grpc_service.rs:201-202Problem
When token parsing fails, users get a generic "unauthenticated" error with no context about WHY the token was invalid:
Developers debugging auth failures have no clue whether the token was malformed, corrupted, or simply wrong.
Impact
Suggested Fix
Log the specific parsing failures before converting to Status:
Priority
P3 - Observability improvement