[java] Challenge-Response / Digest Auth for GRPC


William Shallum

Sep 18, 2017, 6:52:01 AM
to grp...@googlegroups.com
Hi,

Has anyone attempted to do a challenge-response / digest
authentication implementation for GRPC? Our current services use a
token and HTTP Digest authentication to prove ownership of the token's
associated secret without passing it over the wire.

From what I see in the examples, most of the available authentication
samples are using bearer tokens.

We have locally built a server side interceptor (using the Java API)
that does digest authentication based on metadata in headers. The
client side interceptor also has been created but it does not have
transparent retry capability (e.g. if the nonce expires or on initial
request).

My questions are:

* Is this a good way of doing challenge/response over GRPC?
* Is it possible in the Java API to have an interceptor that can retry
requests transparently?

Your input is greatly appreciated.

Thanks,
William

Eric Anderson

Sep 19, 2017, 7:59:58 PM
to William Shallum, grpc-io
On Mon, Sep 18, 2017 at 3:51 AM, William Shallum <wsha...@bbmtek.com> wrote:
> * Is this a good way of doing challenge/response over GRPC?

Yeah, an interceptor seems like a good approach.

> * Is it possible in the Java API to have an interceptor that can retry
> requests transparently?

Yes. It can be a bit painful, but essentially you call channel.newCall() more than once. You have to save the request in order to replay it though. I think there are some retrying interceptors floating around; you may search for one.
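
The approach described in the reply above (one `channel.newCall()` per attempt, with the request saved for replay), as an added example that is not from the thread or from grpc-java. It handles unary calls only; the metadata names, the `digestFor` callback and the convention that the server returns a fresh nonce in the trailers of an UNAUTHENTICATED response are assumptions.

```java
import io.grpc.*;
import java.util.function.Function;

/** Added sketch: replays a unary call once when the server issues a new nonce. */
public final class DigestRetryInterceptor implements ClientInterceptor {
  // Assumed metadata names; the thread does not say which headers carry the exchange.
  static final Metadata.Key<String> NONCE =
      Metadata.Key.of("x-digest-nonce", Metadata.ASCII_STRING_MARSHALLER);
  static final Metadata.Key<String> AUTHZ =
      Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER);
  private final Function<String, String> digestFor; // nonce -> header value (hypothetical)
  private volatile String cachedNonce;              // reused until the server rejects it

  public DigestRetryInterceptor(Function<String, String> digestFor) { this.digestFor = digestFor; }

  @Override
  public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
      MethodDescriptor<ReqT, RespT> method, CallOptions opts, Channel next) {
    // Streaming calls are passed through: only a single buffered request can be replayed.
    if (method.getType() != MethodDescriptor.MethodType.UNARY) return next.newCall(method, opts);
    return new ClientCall<ReqT, RespT>() {
      private Listener<RespT> listener; private Metadata headers; private ReqT saved;
      private int requested; private volatile ClientCall<ReqT, RespT> active;

      @Override public void start(Listener<RespT> l, Metadata h) { listener = l; headers = h; }
      @Override public void request(int n) { requested += n; }
      @Override public void sendMessage(ReqT msg) { saved = msg; } // saved for replay
      @Override public void halfClose() { attempt(false); }        // request is now complete
      @Override public void cancel(String m, Throwable t) { if (active != null) active.cancel(m, t); }

      private void attempt(boolean isRetry) {
        Metadata h = new Metadata();
        h.merge(headers);                                  // fresh header copy per attempt
        String nonce = cachedNonce;
        if (nonce != null) h.put(AUTHZ, digestFor.apply(nonce));
        ClientCall<ReqT, RespT> call = next.newCall(method, opts); // one newCall per attempt
        active = call;
        call.start(new ForwardingClientCallListener.SimpleForwardingClientCallListener<RespT>(listener) {
          @Override public void onClose(Status status, Metadata trailers) {
            String challenge = trailers.get(NONCE);
            if (!isRetry && challenge != null && status.getCode() == Status.Code.UNAUTHENTICATED) {
              cachedNonce = challenge;                     // first use, or old nonce expired
              attempt(true);
            } else super.onClose(status, trailers);        // success or a real failure
          }
        }, h);
        call.request(requested);
        call.sendMessage(saved);
        call.halfClose();
      }
    };
  }
}
```

Attach it with `ClientInterceptors.intercept(channel, interceptor)` or the stub's `withInterceptors`. A `cancel()` that lands between the two attempts only reaches the first call, and the sketch assumes the server rejects with a trailers-only response so that no response headers are delivered twice.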

William Shallum

Sep 20, 2017, 6:01:45 AM
to grpc-io
Thank you for the tips. I found an implementation here
https://github.com/grpc/grpc-java/pull/1570 and will study it for
inspiration.

Regards,
William

Nandabasu M

Nov 17, 2017, 6:19:45 AM
to grpc.io
Hi Eric/William,

I am very new to gRPC (just a 5-day-old baby). We have planned and are working on multiple services in gRPC.
We have a gateway to all the services, and used Eureka for service discovery, a Spring-based backend and Angular4 for the UI.

The challenge I am facing here is implementing OAuth2.0 for all requests. How can I implement an authorization server, secure my resource service and generate a JWT token based on custom claims, just like OAuth2.0 with Spring Security?

Could you please help me with your great ideas and suggestions to implement it?
Your suggestions are most valuable and highly appreciated.
Eagerly waiting to hear from you guys.

Thanks & Regards,
Nanda