Username/password type authentication support in gRPC

[shikhach...@gmail.com]

Hey , 

I am looking for username/password type authentication support in gRPC . I found this particular discussion on group useful : https://groups.google.com/forum/#!topic/grpc-io/iLHgWC8o8UM.

Here one of the gRPC developer was recommending a solution where client can add some sort of authorization header.Could anyone please share : 

- If the recommended solution is available & if yes then which in gRPC version stack  ?

- If no , then please share how to add username/password support ( my SSL is already working) in gRPC ?

-Thanks

Shikha

[Osman Ali]

There is an OAuth2 sample here that is in objective-c. Kind of gives some guidance.

http://www.grpc.io/docs/tutorials/auth/oauth2-objective-c.html

http://www.grpc.io/docs/guides/auth.html

Seems as if you can use any authentication method that you normally would use for the client and server and then just use grpc as the rpc method to communicate. So at a basic level you would setup a service and have messages which pass the information you need.

[Jorge Canizales]

Hey Julien, do you know if the C++ library already supports auth plugins like you mentioned in that other thread?

Shikha - if it's not yet ready, "Option 1" as explained by Julien in that thread would be an equivalent way of doing it.

[Julien Boeuf]

Yes, there is support for plugins in C++, there's even an example here:

http://www.grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms

[shikhach...@gmail.com]

Thanks Osman.

[shikhach...@gmail.com]

Thanks a ton to both of you.

Also could you please share about sessions as well ?

- Can i maintain some authentication sessions like a web server in gRPC?

- Like a web server provides a "session token" once we successfully crosses the username/password step & this token remains valid for a certain amount of time(i.e the session duration)


-Shikha

[Masood Malekghassemi]

Assuming you mean having those tokens as metadata, the short answer is, "Yes," just pass the relevant session token back to the client from the server and have the client pass it back whenever it makes a new call. The specifics then depend on what language bindings you're using and what you actually want the server to do for authentication (e.g. you can have the server use some other OAuth2 library to check the metadata and decide whether or not to handle the call). Point being, the gRPC framework is mostly agnostic to how metadata is handled; beyond that it's your choice how to proceed in which language using what libraries for authentication and so forth.

[shikhach...@gmail.com]

Ook , Thanks a lot Masood.

-Regards

Shikha

[shikhach...@gmail.com]

Hey Julien , 

Could you please share the gRPC stack version in which this plugin is available ?

Thanks

-Shikha

On Wednesday, 20 January 2016 05:56:36 UTC+5:30, Julien Boeuf wrote:

[Scott Huang]

Does this OAuth2 plugin work in GO lang as well?

Thanks

-Scott

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.
To post to this group, send email to grp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/3fa4ae68-1894-4275-ad2a-53cc57f93b8b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Scott Huang]

It looks like Golang grpc supports TLS using https://godoc.org/google.golang.org/grpc/credentials. It's different from gRPC authentication

On Tue, Feb 16, 2016 at 6:37 AM, <shikhach...@gmail.com> wrote: