Authentication sessions in gRPC

[shikhach...@gmail.com]

Hey , 

Can someone please share about auth sessions : 

- Can i maintain some authentication sessions like a web server in gRPC?

- Like a web server provides a "session token" once we successfully crosses the username/password step & this token remains valid for a certain amount of time(i.e the session duration)

-Shikha

[kelsey.h...@gmail.com]

While I'm not using sessions in the following example, it's totally possible to to accomplish what you are trying to do. The following link demonstrates how I'm handling validation of JWT tokens on the server side:

https://github.com/kelseyhightower/grpc-hello-service/blob/master/hello-server/main.go#L72

Next, the following demonstrates how I'm passing in a JWT token from the client:

https://github.com/kelseyhightower/grpc-hello-service/blob/master/hello-client/main.go#L56

In order to get JWT working I had implement the gRPC credentials.Credentials interface and use it from the client linked above.

https://github.com/kelseyhightower/grpc-hello-service/blob/master/credentials/jwt/jwt.go

Hope this helps.

 

-Shikha

[shikhach...@gmail.com]

Hey , 

Thanks a lot  but i am not using Oauth2. I am not aware about the Oauth2 details but i think JWT tokens are used in Oauth2 mechanism. These token are limited in time.

Could you share some support for sessions around simple username/password type mechanism ?

-Shikha

[Masood Malekghassemi]

I'm confused - didn't you ask for having a session duration in the opening question?

[shikhach...@gmail.com]

Yup , your are right , the question was around sessions only.
But i am not using Oauth2/JWT tokens. Kind of basic auth (username/password) i am trying to find out in gRPC. 

Basic auth gives a session token once we crosses the username/password step.

Can you guys suggest some relevant docs or link ?

-Shikha