Custom OAuth authentication with grpc

2,052 views
Skip to first unread message

Gutemberg Ribeiro

unread,
Jun 29, 2016, 6:00:55 PM6/29/16
to grp...@googlegroups.com

Hello guys,

 

Is there any guidance on how to add support to our own OAuth authentication? Our servers today use https://github.com/IdentityServer/IdentityServer3 with client_credentials flow and we are evaluating if is feasible to make our device communication with our servers (.Net C#) by using grps but we are concerned about the authentication.

 

I saw in the docs that Oauth is used but only for google services and we would like to customize it to use our own. Is there any guidance?

 

Thanks!

Best regards,

 

Gutemberg

 

Sent from Mail for Windows 10

 

Julien Boeuf

unread,
Jul 12, 2016, 7:14:42 PM7/12/16
to grpc.io, gute...@outlook.com
Hi Gutemberg,

Which language are you using on the client side?

There is a way to extend client credentials documented here (for C++):

The other wrapped languages should be able to use a similar API.

     Julien.

Gutemberg Ribeiro

unread,
Jul 12, 2016, 7:28:33 PM7/12/16
to Julien Boeuf, grpc.io

Hello Julien and thanks for get back.

 

Our client is basically a node.js/chromium application(electron.atom.io) embbeded on the ARM device.

 

Out server is a C# webAPI which is basically RPC and we want to move it to use a solid RPC framework, and that is why we are reaching you guys out.

 

In order to achieve that, we need to replace our server from a webAPI to a C#-based gRPC service and, implement the client, and implement the Oauth support on both ends, by integrating it with IdentityServer for client credentials so the client just make follow the client_credentials flow, and push the token to the server which in turn, should grab that token and push the IdentityServer in order to validate that token and obtains the client claims for authorization.

 

Our client application is basically Javascript code and since it is based on node.js we can (1) use any pre-existent client for node.js/JS or (2) use gRPC C++ as a node.js native plugin so we can call its native lib from the JS world.

 

Is that possible?

 

Thanks

Gutemberg

 

Sent from Mail for Windows 10

 

Julien Boeuf

unread,
Jul 12, 2016, 8:15:57 PM7/12/16
to Gutemberg Ribeiro, grpc.io, Michael Lumish, Jan Tattermusch
+Michael (node)
+Jan (C#)

Hi Gutemberg,

We have a nodejs implementation of gRPC already so I guess, it would make much more sense to use this one on the client since threading is typically difficult to get right between node and C++ (2). For the oauth integration on the client, you would need an adapter similar to the one that we have for grpc.credentials.createFromGoogleCredential for our auth library.

On the server side, you would extract the metadata, get the authorization header/metadata and pass that to your external library for verification before granting access.

Cheers,

     Julien.

and...@gmail.com

unread,
Sep 12, 2016, 12:19:00 PM9/12/16
to grpc.io, gute...@outlook.com, mlu...@google.com, jtatte...@google.com
"For the oauth integration on the client, you would need an adapter similar to the one that we have for grpc.credentials.createFromGoogleCredential for our auth library."
Is the any exampled available how to impalement it? I'm looking forward to see how to add OpenID Connect to grpc c# server with IdentityServer4.
Reply all
Reply to author
Forward
0 new messages