Clients that talk to Google using an OAuth credential are pretty straightforward, see the following document for sample code of how to use it.
https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-auth-support.md If you want to create a *server* that uses Google OAuth tokens, or OAuth from some other authority, you are going to need to write some code, and it seems fairly complicated. I investigated some alternatives, but they ended up requiring a fair amount of fiddling with keys. Since I was hoping to avoid that, I'm now using a stupid "shared secret" authentication mechanism which is good enough for my application for the moment. Some stuff that I think can work, but which require some work: * Client A gets an OAuth Access token from Google, with some scopes, and passes it to Service B. Service B then can pass that token to Google to use the service, on behalf of Client A. I think this will "just work" with the NewApplicationDefault credentials. On the server, you'll have to dig the token out of the Metadata "authentication" header * Client A does the work to create a signed OAuth JWT token, and pass it to Service B. Service B can then verify Client A's identity by verifying the OAuth JWT. There are some Python code examples buried in Google Cloud Endpoints and Google Cloud IAP Proxy that explain how this can work: https://cloud.google.com/endpoints/docs/using-service-to-service-authentication-grpc https://cloud.google.com/iap/docs/authentication-howto If you want a server that uses token from some other authority, you are definitely going to need to glue together the various JWT/OAuth implementations into GRPC. I hope this helps. Let me know if you figure out anything easy here, Evan On Wednesday, March 15, 2017 at 7:37:57 AM UTC-4, Aakarshit Naga Sai Batchu wrote: > > grpc-go has a library credentials/oauth. Link provided below > > https://godoc.org/google.golang.org/grpc/credentials/oauth > > Can anyone write a Simple Golang GRPC Server and Client program using > OAuth over TLS for security? > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/4f1821e3-93ee-4c22-9559-96cfdb6e52dc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
