Unique Client identification on gRPC

[shikhach...@gmail.com]

Hello , 

Can a gRPC server uniquely identify different clients?

- For a e.g if i am sending 10 RPC request from terminal T1  & next 10 from T2. How the server can identify this.

- I just to know that the first 10 are coming from T1 & next 10 from T2.

-Shikha

[GoldenBull Chen]

One possible solution is handshake protocol in app level.

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.
To post to this group, send email to grp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/a9387fd7-cbc8-4c7f-ae8f-0708207ea74b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Eric Anderson]

Why do you need to know which terminal sent which request? Do the requests have different meaning depending on which terminal sent them, or do you need to manage security?

How are the terminals identified?

On Wed, Jan 27, 2016 at 3:20 AM, GoldenBull Chen <golde...@gmail.com> wrote:

One possible solution is handshake protocol in app level.

2016-01-27 14:01 GMT+08:00 <shikhach...@gmail.com>:

Hello , 

Can a gRPC server uniquely identify different clients?

- For a e.g if i am sending 10 RPC request from terminal T1  & next 10 from T2. How the server can identify this.

- I just to know that the first 10 are coming from T1 & next 10 from T2.

-Shikha

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscribe@googlegroups.com.

To post to this group, send email to grp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/a9387fd7-cbc8-4c7f-ae8f-0708207ea74b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscribe@googlegroups.com.

To post to this group, send email to grp...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CAH9SKwJwUh-bMoCujUu2tpJ1fOMeDxUcjOPFX7ExqWxa-GKx7Q%40mail.gmail.com.

[shikhach...@gmail.com]

Yup , i want to use it for security.

- apart from SSL , I want the client to send username/password to authenticate on server.

- But i want the client to send this username/password info only once , after that i can add some intelligence on the server side to check that the  RPCs are now coming from the authenticated client.

It would be great if you could suggest some other way to achieve this?

Regards

-Shikha

On Wednesday, 27 January 2016 22:49:11 UTC+5:30, Eric Anderson wrote:

Why do you need to know which terminal sent which request? Do the requests have different meaning depending on which terminal sent them, or do you need to manage security?

How are the terminals identified?

On Wed, Jan 27, 2016 at 3:20 AM, GoldenBull Chen <golde...@gmail.com> wrote:

One possible solution is handshake protocol in app level.

2016-01-27 14:01 GMT+08:00 <shikhach...@gmail.com>:

Hello , 

Can a gRPC server uniquely identify different clients?

- For a e.g if i am sending 10 RPC request from terminal T1  & next 10 from T2. How the server can identify this.

- I just to know that the first 10 are coming from T1 & next 10 from T2.

-Shikha

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.

To post to this group, send email to grp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/a9387fd7-cbc8-4c7f-ae8f-0708207ea74b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.

To post to this group, send email to grp...@googlegroups.com.

[shikhach...@gmail.com]

Ok I am using SSL , but could you please elaborate how handshake protocol can help me?

[Eric Anderson]

On Wed, Jan 27, 2016 at 9:27 AM, <shikhach...@gmail.com> wrote:

Yup , i want to use it for security.

- apart from SSL , I want the client to send username/password to authenticate on server.

- But i want the client to send this username/password info only once , after that i can add some intelligence on the server side to check that the  RPCs are now coming from the authenticated client.

gRPC does not provide this level of functionality, because it isn't valid when proxies are used and even sometimes when they're not. You should either have the application provide the username/password each request (in metadata) and just cache the result server-side, or you should have the application exchange the username/password for a token that is then provided each request (in metadata).

[shikhach...@gmail.com]

Thanks Eric.

-  Those tokens can be either Oauth2.0 token or  JSON web token(JWT) only ? As they both will expire in time.

-   Can i  add  a simpel token in metadata while sending back the request to client like basic auth. This token may or may not expire .  Or is it mandatory to user Oauth2.0/JWT tokens only?

- Thanks

Shikha

[Eric Anderson]

On Wed, Jan 27, 2016 at 9:45 AM, <shikhach...@gmail.com> wrote:

-  Those tokens can be either Oauth2.0 token or  JSON web token(JWT) only ? As they both will expire in time.

OAuth 2 is the type of token that we have tried to make relatively easy on client-side. But you are free to do your own.

-   Can i  add  a simpel token in metadata while sending back the request to client like basic auth. This token may or may not expire .  Or is it mandatory to user Oauth2.0/JWT tokens only?

You can develop your own token and simply use Metadata to pass it between the client and server.

[shikhach...@gmail.com]

That's great.Thanks a  ton .

-Regards

Shikha