We don't have a strong opinion about how to pass credentials around; we leave the decision up to you. Only the means to propagate it are provided. Since you are using Scala, it likely means you are using the Java runtime. In java, Context is the way to pass this kind of information around. You can extract credentials from the server side and put it in the context, and then put them back into the outgoing call using a client interceptor.
MoreCallCredentials shows an example of how to do authentication before the RPC is actually sent out, including refreshing tokens. On Thursday, February 9, 2017 at 8:25:18 AM UTC-8, Charles Crain wrote: > > I am in the process of trying to implement gRPC into an existing > microservice system based on HTTP. We're trying to use grpc-gateway > <https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjeqJjVs4PSAhUCxVQKHaEKBYoQFggaMAA&url=https%3A%2F%2Fgithub.com%2Fgrpc-ecosystem%2Fgrpc-gateway&usg=AFQjCNGjBhqcKD5hwJP5cplxDw7APhFMCg&bvm=bv.146496531,d.amc> > > to bridge REST calls from a browser into back end gRPC services. We have > an existing token-based authentication mechanism that uses a JSON Web Token > to represent a user session. I am trying to figure out how best to pass > this token around between gRPC services and how best to get it from HTTP > land (from the browser or an external REST client) into gRPC. > > I already found this <http://www.grpc.io/docs/guides/auth.html>, which > seems to dance around my issue but is mostly client code examples without > any treatment of how to get at auth token information from within a server. > The closest thing I found along these lines (I am using Scala, but there > are equivalent examples in other languages) was this code sample > <https://github.com/xuwei-k/grpc-scala-sample/tree/master/grpc-scala/src/main/scala/io/grpc/examples/header>, > > which uses something called an "interceptor" to get at the request headers. > The example just logs them to a file, but what I really want to do is make > an asynchronous gRPC call into another service to get information about > resource authorization and so forth, that varies based on what server > method is being called (i.e. different server methods will require access > to different resources). > > In summary: how do I get at authentication information (particularly when > present in gRPC headers) such that I can perform server-specific logic on > it that may vary from method to method, and that may involve making gRPC > calls into other services? Secondarily, when making a gRPC call into > another service from within a gRPC server, how do I ensure credentials are > preserved across the call chain? > > Thanks! > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/fa8082be-f4ee-4cd3-a603-a24a224955a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
