fionera
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
309 Commits
9 Branches
34 MiB
Tree: 799031abf2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '799031abf2'
${ noResults }
transfer.sh/vendor/google.golang.org/grpc/examples/features/authentication/README.md

README.md 2.3 KiB
Raw Normal View History

Bump google.golang.org/api
5 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. # Authentication

  2. 

  3. In grpc, authentication is abstracted as

  4. [`credentials.PerRPCCredentials`](https://godoc.org/google.golang.org/grpc/credentials#PerRPCCredentials).

  5. It usually also encompasses authorization. Users can configure it on a

  6. per-connection basis or a per-call basis.

  7. 

  8. The example for authentication currently includes an example for using oauth2

  9. with grpc.

  10. 

  11. ## Try it

  12. 

  13. ```

  14. go run server/main.go

  15. ```

  16. 

  17. ```

  18. go run client/main.go

  19. ```

  20. 

  21. ## Explanation

  22. 

  23. ### OAuth2

  24. 

  25. OAuth 2.0 Protocol is a widely used authentication and authorization mechanism

  26. nowadays. And grpc provides convenient APIs to configure OAuth to use with grpc.

  27. Please refer to the godoc:

  28. https://godoc.org/google.golang.org/grpc/credentials/oauth for details.

  29. 

  30. #### Client

  31. 

  32. On client side, users should first get a valid oauth token, and then call

  33. [`credentials.NewOauthAccess`](https://godoc.org/google.golang.org/grpc/credentials/oauth#NewOauthAccess)

  34. to initialize a `credentials.PerRPCCredentials` with it. Next, if user wants to

  35. apply a single OAuth token for all RPC calls on the same connection, then

  36. configure grpc `Dial` with `DialOption`

  37. [`WithPerRPCCredentials`](https://godoc.org/google.golang.org/grpc#WithPerRPCCredentials).

  38. Or, if user wants to apply OAuth token per call, then configure the grpc RPC

  39. call with `CallOption`

  40. [`PerRPCCredentials`](https://godoc.org/google.golang.org/grpc#PerRPCCredentials).

  41. 

  42. Note that OAuth requires the underlying transport to be secure (e.g. TLS, etc.)

  43. 

  44. Inside grpc, the provided token is prefixed with the token type and a space, and

  45. is then attached to the metadata with the key "authorization".

  46. 

  47. ### Server

  48. 

  49. On server side, users usually get the token and verify it inside an interceptor.

  50. To get the token, call

  51. [`metadata.FromIncomingContext`](https://godoc.org/google.golang.org/grpc/metadata#FromIncomingContext)

  52. on the given context. It returns the metadata map. Next, use the key

  53. "authorization" to get corresponding value, which is a slice of strings. For

  54. OAuth, the slice should only contain one element, which is a string in the

  55. format of <token-type> + " " + <token>. Users can easily get the token by

  56. parsing the string, and then verify the validity of it.

  57. 

  58. If the token is not valid, returns an error with error code

  59. `codes.Unauthenticated`.

  60. 

  61. If the token is valid, then invoke the method handler to start processing the

  62. RPC.