support local conn with no auth and via http

YunchuWang · YunchuWang · commit 6f1d2bc91118 · 2025-01-08T22:46:31.000-08:00
diff --git a/src/Extensions/Azure/DurableTaskSchedulerExtensions.cs b/src/Extensions/Azure/DurableTaskSchedulerExtensions.cs
@@ -70,8 +70,6 @@ static GrpcChannel GetGrpcChannelForOptions(DurableTaskSchedulerOptions options)
             throw RequiredOptionMissing(nameof(options.TaskHubName));
         }
 
-        TokenCredential credential = options.Credential ?? throw RequiredOptionMissing(nameof(options.Credential));
-
         string taskHubName = options.TaskHubName;
         string endpoint = options.EndpointAddress;
 
@@ -112,17 +110,35 @@ options.Credential is not null
                 metadata.Add("Authorization", $"Bearer {token.Token}");
             });
 
+        // Production will use HTTPS, but local testing will use HTTP
+        ChannelCredentials channelCreds = endpoint.StartsWith("https://") ?
+            ChannelCredentials.SecureSsl :
+            ChannelCredentials.Insecure;
     #if NET6_0
-        return GrpcChannel.ForAddress(
-            endpoint,
-            new GrpcChannelOptions
+        return GrpcChannel.ForAddress(this.options.Address, new GrpcChannelOptions
             {
-                Credentials = ChannelCredentials.Create(ChannelCredentials.SecureSsl, managedBackendCreds),
+                // The same credential is being used for all operations.
+                // https://learn.microsoft.com/aspnet/core/grpc/authn-and-authz#set-the-bearer-token-with-callcredentials
+                Credentials = ChannelCredentials.Create(channelCreds, managedBackendCreds),
+
+                // TODO: This is not appropriate for use in production settings. Setting this to true should
+                //       only be done for local testing. We should hide this setting behind some kind of flag.
+                UnsafeUseInsecureChannelCallCredentials = true,
             });
     #else
         return new GrpcChannel(
             endpoint,
-            ChannelCredentials.Create(ChannelCredentials.SecureSsl, managedBackendCreds));
+            ChannelCredentials.Create(channelCreds, managedBackendCreds),
+            new GrpcChannelOptions
+            {
+                // The same credential is being used for all operations.
+                // https://learn.microsoft.com/aspnet/core/grpc/authn-and-authz#set-the-bearer-token-with-callcredentials
+                Credentials = ChannelCredentials.Create(channelCreds, managedBackendCreds),
+
+                // TODO: This is not appropriate for use in production settings. Setting this to true should
+                //       only be done for local testing. We should hide this setting behind some kind of flag.
+                UnsafeUseInsecureChannelCallCredentials = true,
+            });
     #endif
     }
 
